CVE-2017-9821

Name: CVE-2017-9821
Creator: NVD / NIST
Published: 2018-08-24T21:29:00.56+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.43%

Last modified Jun 17, 2026

CVE-2017-9821 is a vulnerability of currently unknown severity. The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.. EPSS estimates a 1.43% chance of exploitation in the next 30 days.

Description

The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication.

Metrics

EPSS Probability

1.43%

69.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-798

Affected Software

Vendor	Product	Versions
Npci	Bharat Interface For Money \(Bhim\)	1.3

References

https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdfBroken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/148923Third Party Advisory
https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdfBroken Link

Timeline

Published: Aug 24, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-9821?

How severe is CVE-2017-9821?

Severity scoring for CVE-2017-9821 is pending analysis. The EPSS model estimates a 1.43% probability of exploitation in the next 30 days.

How do I fix CVE-2017-9821?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-9821?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST