JVN#59652356: Cybozu KUNAI for Android vulnerable in the WebView class
2012-09-07T00:00:00
ID JVN:59652356 Type jvn Reporter Japan Vulnerability Notes Modified 2012-09-07T00:00:00
Description
## Description
Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains a vulnerability in the WebView class.
## Impact
When there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious file being opened and information managed by the product may be disclosed.
## Solution
Update the software
Update to the latest version according to the information provided by the developer.
## Products Affected
Cybozu KUNAI for Android version 2.0.5 and earlier
{"id": "JVN:59652356", "bulletinFamily": "info", "title": "JVN#59652356: Cybozu KUNAI for Android vulnerable in the WebView class", "description": "\n ## Description\n\nCybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains a vulnerability in the WebView class.\n\n ## Impact\n\nWhen there is a malicious file in the user's Android device, clicking a file:// hyperlink may lead to the malicious file being opened and information managed by the product may be disclosed.\n\n ## Solution\n\n**Update the software** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\n * Cybozu KUNAI for Android version 2.0.5 and earlier\n", "published": "2012-09-07T00:00:00", "modified": "2012-09-07T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://jvn.jp/en/jp/JVN59652356/index.html", "reporter": "Japan Vulnerability Notes", "references": [], "cvelist": ["CVE-2012-4012"], "type": "jvn", "lastseen": "2019-05-29T17:21:45", "edition": 4, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-4012"]}], "modified": "2019-05-29T17:21:45", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2019-05-29T17:21:45", "rev": 2}, "vulnersScore": 4.9}, "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:59:53", "description": "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.", "edition": 6, "cvss3": {}, "published": "2012-09-08T10:28:00", "title": "CVE-2012-4012", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4012"], "modified": "2012-09-10T04:00:00", "cpe": ["cpe:/a:cybozu:kunai:2.0.5"], "id": "CVE-2012-4012", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4012", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:cybozu:kunai:2.0.5:-:*:*:*:android:*:*"]}]}
