EUVD-2014-7113

Malware in sbrugna...

pc-sumaho-kyukyutai.pcm-re.com Cross Site Scripting vulnerability OBB-2744316

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Mitsui Sumitomo Insurance SumaHo application for Android certificate validation vulnerability

Mitsui Sumitomo Insurance SumaHo application for Android is an Android-based insurance product management application from Mitsui Sumitomo Insurance in Japan. A certificate validation vulnerability exists in versions 3.0.0 and earlier of the Mitsui Sumitomo Insurance SumaHo application for Androi...

Code injection

The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server...

CVE-2014-7242

The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server...

CVE-2014-7242

The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server...

CVE-2014-7242

CVE-2014-7242 affects Mitsui Sumitomo Insurance SumaHo apps on Android: SumaHo 3.0.0 and earlier and the SumaHo “driving capability” diagnosis result transmission app v1.2.2 and earlier. The root cause is failure to verify SSL/TLS server certificates, enabling MITM attackers to spoof servers and ...

SumaHo for Android fails to verify SSL/TLS server certificates

Overview SumaHo for Android fails to verify SSL/TLS server certificates. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an...

JVN#27388160: SumaHo for Android fails to verify SSL/TLS server certificates

SumaHo for Android fails to verify SSL/TLS server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Apply the appropriate update according to the information provided by the developer. Products Affected...