The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication.
[
{
"product": "The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android",
"vendor": "The Bank of Tokyo-Mitsubishi UFJ, Ltd.",
"versions": [
{
"status": "affected",
"version": "ver5.3.1"
}
]
},
{
"product": "The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android",
"vendor": "The Bank of Tokyo-Mitsubishi UFJ, Ltd.",
"versions": [
{
"status": "affected",
"version": "ver5.2.2 and earlier"
}
]
}
]