CVE Details
Basic Information
| Title |
Tmall Demo Payment Identifier pay random values |
| Type |
cve |
| Published |
2025-05-24T23:31:04.556Z |
| Last Seen |
|
Product Information
| Vendor |
Tmall |
| Product |
Demo |
| Version |
20250505 |
CVSS Information
| Base Score |
6.3 (MEDIUM) |
| Attack Vector |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
A vulnerability in Tmall Demo’s payment identifier handler allows remote attackers to exploit insufficiently random values, potentially leading to security issues. The attack is complex and difficult to exploit, but the vulnerability has been publicly disclosed and may be used. The vendor was contacted but did not respond. |
| AI Severity |
Medium |
| Vendor |
Tmall |
| Product |
Demo |
| Affected Version |
20250505 |
Additional Information
| CVE List |
|
| CWE List |
CWE-330, CWE-310 |
| Bulletin Family |
|
| Source Data |
Tmall Demo 20250505 |
Source Information
| Source Data |
Tmall Demo 20250505 |
| Source Link |
|
Description
A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
View Full CVE Details
