Japan Vulnerability NotesJVN:22546110JVN#22546110: LINE@ vulnerable to script injection
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
17.8%
LINE@ provided by LINE Corporation is an application used to communicate with others. LINE@ is vulnerable to MITM (man-in-the-middle) attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.
Impact
A script may be injected by a MITM (man-in-the-middle) attacker. As a result, any API can be invoked through the injected script.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
According to the developer, this vulnerability was addressed on the server side. However, the developer recommends updating the application for security purposes.
Products Affected
- LINE@ for Android version 1.0.0
- LINE@ for iOS version 1.0.0
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.0005 Low
EPSS
Percentile
17.8%