ByteOS Network

NVD Vulnerability Details :

CVE-2018-17402

Modified

Source-cve@mitre.org

Published At-23 Sep, 2018 | 22:29

Updated At-05 Aug, 2024 | 11:15

The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.3	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary	2.0	2.6	LOW	AV:N/AC:H/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 2.6

Base severity: LOW

Vector:

AV:N/AC:H/Au:N/C:P/I:N/A:N

CPE Matches

phonepe>>phonepe>>Versions from 3.0.6(inclusive) to 3.3.26(inclusive)

cpe:2.3:a:phonepe:phonepe:*:*:*:*:*:android:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/magicj3lly/appexploits/blob/master/PhonePe%20-%20Credit%20and%20Debit%20Card%20Leak.pdf	cve@mitre.org	Third Party Advisory

Hyperlink: https://github.com/magicj3lly/appexploits/blob/master/PhonePe%20-%20Credit%20and%20Debit%20Card%20Leak.pdf

Source: cve@mitre.org

Resource:

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History