HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in th…
HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breaches or other malicious activities.
A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.
https://cwe.mitre.org/data/definitions/1326.html →Open in CWE collection →Many languages use code signing facilities to vouch for code's identity and to thus tie code to its assigned privileges within an environment. Subverting this mechanism can be instrumental in an attacker escalating privilege. Any means of subverting the way that a virtual machine enforces code signing classifies for this style of attack.
https://capec.mitre.org/data/definitions/68.html →Open in CAPEC collection →https://capec.mitre.org/data/definitions/679.html →Open in CAPEC collection →
| Product | Vendor | Status |
|---|---|---|
| dryice_aex | * | Tracked |