CVE-2020-4100 — MEDIUM (4.4)

Vulnerability Description

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly."

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Hcltechsw	Hcl Verse	11.0.4

Related Weaknesses (CWE)

CWE-913

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080800Vendor Advisory

FAQ

What is CVE-2020-4100?

CVE-2020-4100 is a vulnerability with a CVSS score of 4.4 (MEDIUM). "HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application i...

How severe is CVE-2020-4100?

CVE-2020-4100 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-4100?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltechsw Hcl Verse.