diff --git a/2018/17xxx/CVE-2018-17400.json b/2018/17xxx/CVE-2018-17400.json
index 3ee0d47f1ba..131a22a1215 100644
--- a/2018/17xxx/CVE-2018-17400.json
+++ b/2018/17xxx/CVE-2018-17400.json
@@ -34,7 +34,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application."
+ "value" : "** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots."
 }
 ]
 },
diff --git a/2018/17xxx/CVE-2018-17401.json b/2018/17xxx/CVE-2018-17401.json
index da4a08d537c..6fb7e7f10e9 100644
--- a/2018/17xxx/CVE-2018-17401.json
+++ b/2018/17xxx/CVE-2018-17401.json
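Review bot: In the CVE-2018-17400.json hunk the new `value` gives the attack precondition (a user-installed malicious app that has been granted accessibility permission) only as the vendor's rebuttal, and nothing in the hunk shows a reference backing that statement. The record's reference list lies outside this hunk; if it does not already link the vendor's statement, I would add a `reference_data` entry such as `"url" : "<VENDOR_STATEMENT_URL>"` so that anyone triaging a `** DISPUTED **` record can check the claim rather than rely on the paraphrase. The same applies to the hunks for CVE-2018-17401.json and CVE-2018-17402.json, which carry the identical NOTE text.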
@@ -34,7 +34,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature."
+ "value" : "** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots."
 }
 ]
 },
diff --git a/2018/17xxx/CVE-2018-17402.json b/2018/17xxx/CVE-2018-17402.json
index c327bb7eb08..5110a2de5cb 100644
--- a/2018/17xxx/CVE-2018-17402.json
+++ b/2018/17xxx/CVE-2018-17402.json
@@ -34,7 +34,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number."
+ "value" : "** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots."
 }
 ]
 },
diff --git a/2018/17xxx/CVE-2018-17404.json b/2018/17xxx/CVE-2018-17404.json
index aa3475b8faa..058e056bf67 100644
--- a/2018/17xxx/CVE-2018-17404.json
+++ b/2018/17xxx/CVE-2018-17404.json
@@ -34,7 +34,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth."
+ "value" : "** DISPUTED ** The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date of birth. NOTE: a third-party says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots."
 }
 ]
 },
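Review bot: The NOTE added to CVE-2018-17404.json attributes the dispute to `a third-party` and then says `it believes it is similar to ...`, so a reader cannot tell who disputes the SBIbuddy report or whose belief is being relayed. The wording matches the vendor NOTE in the PhonePe records on this page, which suggests it was carried over rather than written for this record. I would write `NOTE: a third party says that ...` (no hyphen when used as a noun) and change `it believes it is similar` to `this is, in its view, similar`, naming the disputing party if the source allows. The enclosing object continues outside the hunk.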