Japan Vulnerability NotesJVN:49465877JVN#49465877: Android App "Mercari (Merpay) - Marketplace and Mobile Payments App" (Japan version) vulnerable to improper handling of Intent
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
72.2%
Android App “Mercari (Merpay) - Marketplace and Mobile Payments App” (Japan version) provided by Mercari, Inc. is vulnerable to improper handling of Intent (CWE-939).
Impact
If a user who is using the vulnerable application accesses a malicious page, the malicious page can launch an arbitrary Activity of the application. As a result, Mercari account’s access token may be obtained.
Solution
Update the application
Update the application to the latest version according to the information provided by the developer.
The developer states there is no need for users to take any actions since the application is automatically updated when it is launched.
Products Affected
- Android App “Mercari (Merpay) - Marketplace and Mobile Payments App” (Japan version) versions prior to 4.49.1
The developer states that affected versions are no longer used at this point because the update was applied automatically when the application was launched in the past.
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
72.2%