Lucene search

JpcertCVE-2022-35734

HistoryAug 16, 2022 - 8:15 a.m.

CVE-2022-35734

2022-08-1608:15:09

CWE-798

jpcert

web.nvd.nist.gov

352

hulu

フールー

app

android

cve-2022-35734

api key

vulnerability

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

‘Hulu / フールー’ App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.

Affected configurations

Nvd

Vulners

Node

hjholdingshuluRange3.0.47–3.1.2android

VendorProductVersionCPE
hjholdingshulu*cpe:2.3:a:hjholdings:hulu:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
hjholdings	hulu	*	cpe:2.3:a:hjholdings:hulu::::::android::*

CNA Affected

[
  {
    "product": "'Hulu / フールー' App for Android",
    "vendor": "HJ Holdings, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "from version 3.0.47 to the version prior to 3.1.2"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN40907489/index.html

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Related for CVE-2022-35734