{"title": "\u041c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0439 \u0431\u0430\u043d\u043a - Corrupted files, Dynamic Code Loading, Exported components vulnerabilities", "published": "2017-01-20T15:08:36", "references": ["https://play.google.com/store/apps/details?id=com.mobilecard.sberbank&hl=en"], "hackapp": {"link": "https://play.google.com/store/apps/details?id=com.mobilecard.sberbank&hl=en", "store": "play", "release": "2015-08-03T00:00:00", "icon": "http://lh3.ggpht.com/_xu4RhES8wAM7iTCxTN7wUzYmDj2RjDN3G81Imvf-ZitMAzM7mRyOXez06c-pzzkvrDp=w300", "version": "1.5.8", "vendor": "Mobile Card LLC", "name": "\u041c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0439 \u0431\u0430\u043d\u043a", "bugs": [{"id": "53ce1ba3c757db92cf4410b5fe1bc69d", "description": "SD-cards and other external storages have 'worldwide read' policy.", "name": "SD-card access", "severity": "medium"}, {"id": "449cd8e6ad2d43be5ecb2d055243d783", "description": "All items deleted with 'file.delete()' could be recovered.", "name": "Unsafe deleting", "severity": "notice"}, {"id": "7e8b99fbe0f5f903e8024062c54d56cc", "description": "Were do they point?", "name": "External URLs", "severity": "notice"}, {"id": "0040efb38a7b3d8ca5b9ec650cbf14e9", "description": "Are you sure these files should be here?", "name": "Suspicious files", "severity": "notice"}, {"id": "f62cb98103c1624e19e833d6ce4feeb9", "description": "Other applications could access the interfaces.", "name": "Exported components", "severity": "medium"}, {"id": "0952af41d89fd5aa6442499e01023851", "description": "WebView 'setJavaScriptEnabled(true)' could be exploited during cross-site scripting attacks.", "name": "WebView JavaScript enabled", "severity": "medium"}, {"id": "c343dd9d25447d52aa357c251b967baa", "description": "Code for 'DexClassLoader' could be tampered.", "name": "Dynamic Code Loading", "severity": "medium"}, {"id": "8feac2b76cf8b2d468bf0431d80d238a", "description": "Control of WebView context allows to access local files.\n\t\t\t", "name": "WebView files access", "severity": "medium"}, {"id": "b6d68075c1130e4a30ee98928e31ad58", "description": "Can't parse these files. Corrupted? Check manually.", "name": "Corrupted files", "severity": "notice"}], "apk": "COM.MOBILECARD.SBERBANK.APK"}, "type": "hackapp", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "cvelist": [], "viewCount": 2, "affectedSoftware": [{"version": "1.5.8", "name": "\u041c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0439 \u0431\u0430\u043d\u043a", "operator": "le"}], "hash": "d780fb8cfd5def3c6b428ec937c7997aaa302b82519c10c009108fbcf1ff46cd", "id": "HACKAPP:COM.MOBILECARD.SBERBANK.APK", "modified": "2017-01-20T15:08:36", "history": [], "href": "https://hackapp.com/report/bd64d31235ee37979ff1eab2dff81a4d", "hashmap": [{"hash": "dcaa1501105afd11b2c7eaf7f585c4b9", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "759f4d8d3462ec18a38ec4adebb0ffac", "key": "description"}, {"hash": "914ec0010998c72d6aa79648d6319222", "key": "hackapp"}, {"hash": "4e1217d3663105ecfbb95046879f2108", "key": "href"}, {"hash": "bdd54078151af0048028b9d0afc6fe1b", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "bdd54078151af0048028b9d0afc6fe1b", "key": "published"}, {"hash": "561699155f1437ccd32f3f00fc862d2a", "key": "references"}, {"hash": "3b012aae1848bb95fe11f3cebae83cb0", "key": "reporter"}, {"hash": "74ed9d6eba8b71f171f321733ec88156", "key": "title"}, {"hash": "96e87ef1fcc8d9d3cdd337488987c423", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "HackApp vulnerability scanner discovered that application \u041c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0439 \u0431\u0430\u043d\u043a published at the 'play' market has multiple vulnerabilities.", "bulletinFamily": "software", "reporter": "Hackapp.org", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2017-01-20T15:04:30"}

{}