CVE-2020-4099: HCL Verse for Android is susceptible to an APK signing key check vulnerability
First published: Fri Oct 14 2022(Updated: )
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Verse | <12.0.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-4099?
The severity of CVE-2020-4099 is high with a CVSS score of 7.5.
How does the application become vulnerable to CVE-2020-4099?
The application becomes vulnerable to CVE-2020-4099 if it was signed using a key length less than or equal to 1024 bits.
What is the potential risk of CVE-2020-4099?
CVE-2020-4099 exposes the application to potential forged digital signatures, which an attacker can use to maliciously modify the app.
Which version of Hcltech Verse is affected by CVE-2020-4099?
Hcltech Verse version up to and excluding 12.0.15 is affected by CVE-2020-4099.
Where can I find more information about CVE-2020-4099?
You can find more information about CVE-2020-4099 at the following reference: [link](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100861).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/description
- vendor/hcltech
- canonical/hcltech verse