How severe is CVE-2020-7705?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2020-7705?

This is classified as CWE-1021, which is a common weakness in software security.

CVE-2020-7705 - HIGH Severity | CVSS 8.1

Vulnerability Description

This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads.

Related Vulnerabilities

CVE-2020-13119

HIGH

CVSS:8.1(High)

ismartgate PRO 1.5.9 is vulnerable to clickjacking.

CWE-10212020

CVE-2021-23976

HIGH

CVSS:8.1(High)

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be us...

CWE-10212021

CVE-2024-11700

HIGH

CVSS:8.1(High)

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposi...

CWE-10212024

CVE-2024-33377

HIGH

CVSS:8.1(High)

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with cr...

CWE-10212024

CVE-2019-16371

HIGH

CVSS:8.2(High)

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be b...

CWE-10212019

CVE-2021-0433

HIGH

CVSS:8.0(High)

In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of pri...

CWE-10212021