Automatic information enumeration - Credit Cards
Description
It is possible to automatically list credit card information, as the expiration date and security code are not validated.
Impact
List credit cards in payments.
Recommendation
Filter the information received for payments.
Threat
Attacker with access to the application from the Internet.
Expected Remediation Time
⏱️ 120 minutes.
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
H
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N