CVE-2016-15015 — LOW (2.6) — White Hats Nepal

Q: How severe is CVE-2016-15015?

CVE-2016-15015 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-15015?

Check the references section above for vendor advisories and patch information. Affected products include: Paysafe Barzahlen Payment Module Php Sdk.

Vulnerability Description

A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as 3e7d29dc0ca6c054a6d6e211f32dae89078594c1. It is recommended to upgrade the affected component. VDB-217650 is the identifier assigned to this vulnerability.

CVSS Score

2.6

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Paysafe	Barzahlen Payment Module Php Sdk	< 2.0.1

Related Weaknesses (CWE)

CWE-208 CWE-203

References

https://github.com/viafintech/Barzahlen-PHP/commit/3e7d29dc0ca6c054a6d6e211f32daPatchThird Party Advisory
https://github.com/viafintech/Barzahlen-PHP/pull/8PatchThird Party Advisory
https://github.com/viafintech/Barzahlen-PHP/releases/tag/v2.0.1Release NotesThird Party Advisory
https://vuldb.com/?ctiid.217650Third Party Advisory
https://vuldb.com/?id.217650Third Party Advisory
https://github.com/viafintech/Barzahlen-PHP/commit/3e7d29dc0ca6c054a6d6e211f32daPatchThird Party Advisory
https://github.com/viafintech/Barzahlen-PHP/pull/8PatchThird Party Advisory
https://github.com/viafintech/Barzahlen-PHP/releases/tag/v2.0.1Release NotesThird Party Advisory
https://vuldb.com/?ctiid.217650Third Party Advisory
https://vuldb.com/?id.217650Third Party Advisory

FAQ

What is CVE-2016-15015?

CVE-2016-15015 is a vulnerability with a CVSS score of 2.6 (LOW). A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulatio...

How severe is CVE-2016-15015?

CVE-2016-15015 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-15015?

Check the references section above for vendor advisories and patch information. Affected products include: Paysafe Barzahlen Payment Module Php Sdk.