CVE-2016-4839

EPSS 0.56%
Veröffentlicht 12.05.2017 18:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moneyforward ≫ Money Forward For Apppass SwPlatformandroid Version < 7.18.3

Moneyforward ≫ Money Forward For Au Smartpass SwPlatformandroid Version < 7.18.0

Moneyforward ≫ Money Forward For Chou Houdai SwPlatformandroid Version < 7.18.3

Moneyforward ≫ Money Forward For Sbi Sumishin Net Bank SwPlatformandroid Version < 1.6.0

Moneyforward ≫ Money Forward For Shiga Bank SwPlatformandroid Version < 1.2.0

Moneyforward ≫ Money Forward For Shizuoka Bank SwPlatformandroid Version < 1.4.0

Moneyforward ≫ Money Forward For The Gunma Bank SwPlatformandroid Version < 1.2.0

Moneyforward ≫ Money Forward For The Toho Bank SwPlatformandroid Version < 1.3.0

Moneyforward ≫ Money Forward For Tokai Tokyo Securities SwPlatformandroid Version < 1.4.0

Moneyforward ≫ Money Forward For Ymfg SwPlatformandroid Version < 1.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.673

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://corp.moneyforward.com/info/20160920-mf-android/

Third Party Advisory

VDB Entry

http://www.sourcenext.com/support/i/160725_1

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/93035

Third Party Advisory

VDB Entry

https://jvn.jp/en/jp/JVN61297210/index.html

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-4839

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-4839

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-4839

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-4839