CVE-2021-25648
Published Feb 16, 2021
Last updated a year ago
Overview
- Description
- Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters "isAdmin" and "isPremium" located on device storage.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:testes-codigo:testes_de_codigo:*:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "706D1B98-0971-4FF6-BBC1-98430941EEAB",
"versionEndIncluding": "11.4"
},
{
"criteria": "cpe:2.3:a:testes-codigo:testes_de_codigo:*:*:*:*:*:iphone_os:*:*",
"vulnerable": true,
"matchCriteriaId": "74ACB733-28D4-40C2-9752-8A6638D0F972",
"versionEndIncluding": "11.4"
}
],
"operator": "OR"
}
]
}
]