Strix
26.1K

CVE-2020-4100

MEDIUMCVSS 4.4/10EPSS 0.28%

Last modified

CVE-2020-4100 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. "HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. EPSS estimates a 0.28% chance of exploitation in the next 30 days.

Description

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly."

Metrics

CVSS 3.1
4.4/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
0.28%

19.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HcltechswHcl Verse11.0.4

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-4100?
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly."
How severe is CVE-2020-4100?
CVE-2020-4100 has a CVSS score of 4.4/10 (MEDIUM severity). The EPSS model estimates a 0.28% probability of exploitation in the next 30 days.
How do I fix CVE-2020-4100?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-4100?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST