Japan Vulnerability NotesJVN:81739241JVN#81739241: sp mode mail issue when accessing attachments in incoming mail
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
31.7%
sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions.
Impact
If a malicious Android application is installed on the device, attachments for an incoming email may be obtained.
Solution
An update to address this issue will not be provided by the developer.
Note on usage:
According to the developer, a warning about this issue has been included in the consent agreement that is displayed when launching the application for the first time in sp mode mail rev.6400 and later for Android 4.0.X and earlier, and sp mode mail rev.6800 and later for Android 4.1 and later.
Products Affected
- sp mode mail rev.6300 and earlier for Android 4.0.X and earlier
- sp mode mail rev.6700 and earlier for Android 4.1 and later
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
31.7%