CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
31.7%
sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions.
If a malicious Android application is installed on the device, attachments for an incoming email may be obtained.
An update to address this issue will not be provided by the developer.
Note on usage:
According to the developer, a warning about this issue has been included in the consent agreement that is displayed when launching the application for the first time in sp mode mail rev.6400 and later for Android 4.0.X and earlier, and sp mode mail rev.6800 and later for Android 4.1 and later.