SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2020-7745

This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.1		CVSS Score : 10.0
Exploit Score: 2.8		Exploit Score: 10.0
Impact Score: 4.2		Impact Score: 10.0

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: REQUIRED		Confidentiality: COMPLETE
Scope: UNCHANGED		Integrity: COMPLETE
Confidentiality: LOW		Availability: COMPLETE
Integrity: HIGH
Availability: NONE

Reference:

https://snyk.io/blog/remote-code-execution-rce-sourmint/

https://snyk.io/research/sour-mint-malicious-sdk/%23rce

https://snyk.io/vuln/SNYK-COCOAPODS-MINTEGRALADSDK-1019377

https://www.youtube.com/watch?v=n-mEMkeoUqs


30430



423868



247621



909



194512



282