Dynamic Code Loading Vulnerability in HCL Verse for Android
CVE-2020-4100

4.4MEDIUM

Key Information:

Vendor: HCL Software
Status: "hcl Verse For Android"
Vendor: CVE Published:; 15 July 2020

Summary

The dynamic code loading mechanism in HCL Verse for Android allows certain components to be loaded conditionally rather than at startup. While this approach can enhance performance and support in-app updates, it introduces a potential risk if the code loading is not securely managed. If an attacker can manipulate the request for these dynamic components, they might execute unintended code, compromising the integrity and security of the application. Proper implementation and validation are essential to mitigate these risks and protect user data.

Affected Version(s)

"HCL Verse for Android" "May 2020 Release (11.0.4) of HCL Verse Mobile for Android and older versions"

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Dec 30, 2019