CVE-2019-20455
MEDIUMGlobal Payments PHP SDK < 2.0.0 - Improper Certificate Validation
Title source: llmDescription
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.
References (4)
Core 4
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/globalpayments/php-sdk/releases/tag/2.0.0
Patch, Release Notes, Third Party Advisory x_refsource_misc
https://github.com/globalpayments/php-sdk/compare/1.3.3...2.0.0
Exploit, Patch, Third Party Advisory, URL Repurposed x_refsource_misc
https://winterdragon.ca/global-payments-vulnerability/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/globalpayments/php-sdk/pull/8
Scores
CVSS v3
5.9
EPSS
0.0098
EPSS Percentile
57.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-295
Status
published
Products (2)
globalpayments/php-sdk
0 - 2.0.0Packagist
globalpayments/php_sdk
< 2.0.0
Published
Feb 14, 2020
Tracked Since
Feb 18, 2026