← Back

Unionpayintl

unionpayintl

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Union Pay
union_pay
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-36285
1Unionpayintl
1Union Pay
Nov 21, 2024
Apr 6, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted aut...Show more
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.Show less
CVE-2020-36284
1Unionpayintl
1Union Pay
Nov 21, 2024
Apr 6, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authent...Show more
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.Show less
CVE-2020-23533
1Unionpayintl
1Union Pay
Nov 21, 2024
Apr 6, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted au...Show more
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.Show less