CVE-2020-4100

Summary

"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime; however, dynamically loaded components are only loaded as they are specifically requested. While this can have a positive impact on performance, or grant additional functionality (for example, a non-invasive update feature), it can also open the application to loading unintended code if not implemented properly."

Affected Software

VendorProductVersion RangeStatus
n/a“HCL Verse for Android”"May 2020 Release (11.0.4) of HCL Verse Mobile for Android and older versions"affected

Weaknesses

  • "Dynamic code loading/injection"

ADP Enrichment

CVE Program Container

Additional References

References