Japan Vulnerability NotesJVN:99192898JVN#99192898: Multiple GREE Android applications vulnerable in the WebView class
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
59.6%
Multiple Android applications that use the SDK for HTML-based applications provided by GREE contain a vulnerability in the WebView class.
Impact
If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Products Affected
- GREE versions prior to 1.4.0
- Tanken Dorirando versions prior to 1.0.7
- Tsurisuta versions prior to 1.5.0
- Monpura versions prior to 1.1.1
- Kaizokuoukoku Columbus versions prior to 1.3.5
- haconiwa versions prior to 1.1.0
- Seisen Cerberus versions prior to 1.1.0
- GREE Market versions prior to 2.1.2
Note that these applications are available only in Japanese.
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
59.6%