Vulnerability Description
An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Utimf | Uti Mutual Fund Invest Online | <= 5.4.28 |
Related Weaknesses (CWE)
References
- https://cvewalkthrough.com/cve-2020-35398-uti-mutual-fund-android-application-usExploitThird Party Advisory
- https://play.google.com/store/apps/details?id=com.utimutualfunds.utimutualfund&hProductThird Party Advisory
- https://cvewalkthrough.com/cve-2020-35398-uti-mutual-fund-android-application-usExploitThird Party Advisory
- https://play.google.com/store/apps/details?id=com.utimutualfunds.utimutualfund&hProductThird Party Advisory
FAQ
What is CVE-2020-35398?
CVE-2020-35398 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credent...
How severe is CVE-2020-35398?
CVE-2020-35398 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35398?
Check the references section above for vendor advisories and patch information. Affected products include: Utimf Uti Mutual Fund Invest Online.