ID HACKAPP:DE.APPLIKATIONSWERK.HANNOVERGUIDE.APK
Type hackapp
Reporter Hackapp.org
Modified 2017-05-17T08:08:26
Description
HackApp vulnerability scanner discovered that application Hanover published at the 'play' market has multiple vulnerabilities.
{"bulletinFamily": "software", "viewCount": 0, "hackapp": {"version": "2.0.6", "bugs": [{"description": "WebView 'addJavascriptInterface' could be used to control the host app with JavaScript bindings. Remote Code Execution (RCE) is possible.", "severity": "critical", "name": "WebView code execution", "id": "d3b615314a7f4c86b31c44915268fe6a"}, {"description": "SD-cards and other external storages have 'worldwide read' policy.", "severity": "medium", "name": "SD-card access", "id": "1d26ea3f4aca315f8dcc2c9e55d329a7"}, {"description": "All items deleted with 'file.delete()' could be recovered.", "severity": "notice", "name": "Unsafe deleting", "id": "1b9c9b6798ad8fc5be7f3a7d215b9036"}, {"description": "Are you sure these files should be here?", "severity": "notice", "name": "Suspicious files", "id": "1e021a2186ee3e0117c187f86d62b896"}, {"description": "Where do they point?", "severity": "notice", "name": "External URLs", "id": "10577751b4d72762efaf05a0bdf2a39b"}, {"description": "Native code (.so) usage 'System.loadLibrary();' is found.", "severity": "notice", "name": "Native code usage", "id": "f47e5a53a79f4c714dc93f5265063dbb"}, {"description": "Function 'Runtime.getRuntime().exec()' is used, please check where variables are come from.", "severity": "medium", "name": "Runtime command execution", "id": "1192f9d7db29cbb1179d775837126f8c"}], "store": "play", "icon": "http://lh5.ggpht.com/F4LJYe8XOS5ocyKD1C033FI9wDiNXI5n04w0e_la1tsNHQrw9DhkA7loXxeZBmT71qRd=w300", "link": "https://play.google.com/store/apps/details?id=de.applikationswerk.hannoverguide&hl=en", "release": "2015-11-01T00:00:00", "vendor": "Applikationswerk GmbH", "apk": "DE.APPLIKATIONSWERK.HANNOVERGUIDE.APK", "name": "Hanover"}, "reporter": "Hackapp.org", "references": ["https://play.google.com/store/apps/details?id=de.applikationswerk.hannoverguide&hl=en"], "description": "HackApp vulnerability scanner discovered that application Hanover published at the 'play' market has multiple vulnerabilities.", "affectedSoftware": [{"operator": "le", "version": "2.0.6", "name": "Hanover"}], "hashmap": [{"key": "affectedSoftware", "hash": "a61701e9d114133e26878131ef88b567"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "9987a4c0b65abdf5df11387418f31445"}, {"key": "hackapp", "hash": "829de8691d1aed802b01b108d3523df0"}, {"key": "href", "hash": "83f02104f283c1cc600d493a91f773e7"}, {"key": "modified", "hash": "2d01080421ced412c42e299972a6b28d"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "2d01080421ced412c42e299972a6b28d"}, {"key": "references", "hash": "adab6af38bbeab797a58ba5db91ae1d6"}, {"key": "reporter", "hash": "3b012aae1848bb95fe11f3cebae83cb0"}, {"key": "title", "hash": "dd708eb2340b123c20546d9dbebe5646"}, {"key": "type", "hash": "96e87ef1fcc8d9d3cdd337488987c423"}], "href": "https://hackapp.com/report/a0c55d2504bb41179748b06d243ab624", "modified": "2017-05-17T08:08:26", "objectVersion": "1.2", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2017-05-17T08:44:15"}, "vulnersScore": 7.5}, "id": "HACKAPP:DE.APPLIKATIONSWERK.HANNOVERGUIDE.APK", "title": "Hanover - External URLs, Native code usage, Runtime command execution vulnerabilities", "hash": "26ff79dcfac07fad4024c81cc071369c8f890af8ceeb4cecad8a38cc0277bd18", "edition": 1, "published": "2017-05-17T08:08:26", "type": "hackapp", "history": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvelist": [], "lastseen": "2017-05-17T08:44:15"}
{}
