Vulnerability Description
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ncipher | Payshield Spp Library | 1.3.12 |
References
- http://marc.info/?l=bugtraq&m=107411819503569&w=2
- http://www.ncipher.com/support/advisories/advisory8_payshield.htmlVendor Advisory
- http://www.osvdb.org/3537
- http://www.securityfocus.com/bid/9422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14832
- http://marc.info/?l=bugtraq&m=107411819503569&w=2
- http://www.ncipher.com/support/advisories/advisory8_payshield.htmlVendor Advisory
- http://www.osvdb.org/3537
- http://www.securityfocus.com/bid/9422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14832
FAQ
What is CVE-2004-0063?
CVE-2004-0063 is a vulnerability with a CVSS score of 7.5 (HIGH). The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make ...
How severe is CVE-2004-0063?
CVE-2004-0063 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0063?
Check the references section above for vendor advisories and patch information. Affected products include: Ncipher Payshield Spp Library.