Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/17 12:0 a.m.•36 views

JVN#07677464: 050 plus for Android information management vulnerability

050 plus provided by NTT Communications is an IP phone application for smartphones. 050 plus for Android contains an information management vulnerability that outputs some pieces of information stored by the product to a system log file on the device. Impact Android applications with permissions ...

2.6CVSS6AI score0.00992EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/17 12:0 a.m.•136 views

JVN#30962312: TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation

TERASOLUNA Server Framework for JavaWeb provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for JavaWeb bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated CVE-2014-0114. Therefor...

7.5CVSS7.7AI score0.96121EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/13 3:44 a.m.•3 views

SEIL Series routers vulnerable to denial-of-service (DoS)

Overview The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets. CWE-119 Impact By receiving a specially crafted TCP packet, a session established using PPPAC m...

5CVSS6.8AI score0.02139EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/13 3:40 a.m.•2 views

Spring Framework vulnerable to directory traversal

Overview Spring Framework is a Java framework for developing web applications. Spring Framework contains a directory traversal vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Informatio...

5CVSS7AI score0.06215EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/13 12:0 a.m.•68 views

JVN#49154900: Spring Framework vulnerable to directory traversal

Spring Framework is a Java framework for developing web applications. Spring Framework contains a directory traversal vulnerability. Impact A remote attacker may be able to access arbitrary files on the server. Solution Update the software Users of 3.x should update to version 3.2.9 or later and...

5CVSS9.3AI score0.06215EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/13 12:0 a.m.•43 views

JVN#10724763: SEIL Series routers vulnerable to denial-of-service (DoS)

The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contain a denial-of-service DoS vulnerability due to an issue in processing certain packets. CWE-119 Impact By receiving a specially crafted TCP packet, a session established using PPPAC may be...

5CVSS6.4AI score0.02139EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/12 2:43 a.m.•3 views

Xml eXternal Entity Vulnerability in XML link function of Hitachi COBOL2002

Overview XML link function of Hitachi COBOL2002 contains vulnerabilities to conduct information leakage or cause a denial of service DoS condition. Impact A remote attacker could conduct information leakage or cause a denial of service DoS condition via untrusted XML document loading unexpected...

4CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/12 2:43 a.m.•3 views

Multiple Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option

Overview Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option contains cross-site scripting and cross-site request forgery CSRF vulnerabilities. These vulnerabilities can not be exploited, unless logging in these products. Impact A remote attackers could insert to malicious...

6.8CVSS6.8AI score0.01161EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/11 5:22 a.m.•1 views

C-BOARD Moyuku vulnerable to cross-site scripting

Overview C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

4.3CVSS6AI score0.00931EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/11 3:22 a.m.•4 views

JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution

Overview "JUST Online Update" and "JUST Online Update for J-License and the management tools" that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid. Please note that this is a flaw in t...

7.6CVSS7.2AI score0.03592EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/11 12:0 a.m.•29 views

JVN#50129191: JustSystems Online Update Program bundled with JustSystems products vulnerable to arbitrary code execution

"JUST Online Update" and "JUST Online Update for J-License and the management tools" that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid. Please note that this is a flaw in the online...

7.6CVSS6.9AI score0.03592EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/11 12:0 a.m.•31 views

JVN#58029817: C-BOARD Moyuku vulnerable to cross-site scripting

C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Produc...

4.3CVSS5.9AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/06 4:48 a.m.•2 views

OpenSSL improper handling of Change Cipher Spec message

Overview OpenSSL improperly handles Change Cipher Spec message in the initial SSL/TLS handshake. OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a MITM man-in-the-middle attacker to force a server and a client to use easily guessable cryptgraphic key...

7.4CVSS9.2AI score0.95326EPSS
Exploits9References114
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/06 12:0 a.m.•67 views

JVN#61247051: OpenSSL improper handling of Change Cipher Spec message

OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a MITM man-in-the-middle attacker to force a server and a client to use easily guessable cryptgraphic key material during the initial SSL/TLS handshake CWE-325. Impact SSL/TLS communication between the...

7.4CVSS7.6AI score0.95326EPSS
Exploits9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/04 5:37 a.m.•2 views

CN8000 vulnerable to denial-of-service (DoS)

Overview CN8000 provided by ATEN contains a denial-of-service DoS vulnerability. CN8000 provided by ATEN is a remote access unit used to connect a keyboard, mouse and monitor to two or more computers in a remote location. CN8000 contains a denial-of-service DoS vulnerability. Testuya Nagata of...

7.8CVSS6.7AI score0.01799EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/04 5:32 a.m.•3 views

SOY CMS vulnerable to cross-site scripting

Overview SOY CMS contains a cross-site scripting vulnerability. SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is an open source content management system CMS. SOY CMS contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated...

4.3CVSS6AI score0.00931EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/04 12:0 a.m.•28 views

JVN#78136804: CN8000 vulnerable to denial-of-service (DoS)

CN8000 provided by ATEN is a remote access unit used to connect a keyboard, mouse and monitor to two or more computers in a remote location. CN8000 contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the Firmware...

7.8CVSS6.5AI score0.01799EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/06/04 12:0 a.m.•30 views

JVN#54650130: SOY CMS vulnerable to cross-site scripting

SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is an open source content management system CMS. SOY CMS contains a cross-site scripting vulnerability. Impact If a user views a malicious page while logged in, an arbitrary script may be executed on the user's web browser. Solution App...

4.3CVSS5.9AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/05/08 3:46 a.m.•2 views

intra-mart vulnerable to open redirect

Overview intra-mart is a software framework for creating web applications. intra-mart contains an open redirect vulnerability. Shun Suzaki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a...

5.8CVSS6.6AI score0.01168EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/05/08 12:0 a.m.•28 views

JVN#68340046: intra-mart vulnerable to open redirect

intra-mart is a software framework for creating web applications. intra-mart contains an open redirect vulnerability. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Apply t...

5.8CVSS6.4AI score0.01168EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/30 6:14 a.m.•2 views

Cybozu Garoon Phone Messages vulnerable to denial-of-service (DoS)

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability in the Phone Messages function. Impact Processing input from a user who can log in to the system may cause denial-of-service DoS condition on the server by consuming high...

3.5CVSS6.5AI score0.01055EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/30 6:8 a.m.•4 views

Cybozu Garoon API access restriction bypass vulnerability

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability when using APIs. Impact Users who can log in to the system may delete schedule information that they do not have permission to edit. Solution Update the Software Updat...

6CVSS6.5AI score0.01064EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/30 12:0 a.m.•33 views

JVN#31230946: Cybozu Garoon API access restriction bypass vulnerability

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability when using APIs. Impact Users who can log in to the system may delete schedule information that they do not have permission to edit. Solution Update the Software Update to the...

6CVSS6.1AI score0.01064EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/30 12:0 a.m.•38 views

JVN#90519014: Cybozu Garoon Phone Messages vulnerable to denial-of-service (DoS)

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service DoS vulnerability in the Phone Messages function. Impact Processing input from a user who can log in to the system may cause denial-of-service DoS condition on the server by consuming high system...

3.5CVSS6.1AI score0.01055EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/25 6:37 a.m.•4 views

Apache Struts vulnerable to ClassLoader manipulation

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. JPCERT/CC coordinated with the developer unde...

7.5CVSS7.3AI score0.99614EPSS
Exploits7References32
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/25 12:0 a.m.•72 views

JVN#19294237: Apache Struts vulnerable to ClassLoader manipulation

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. Impact On a server where Apache Struts in running, a remote attacker may steal information or execu...

7.5CVSS8AI score0.99614EPSS
Exploits7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 5:30 a.m.•5 views

TOSHIBA TEC e-Studio series vulnerable to cross-site request forgery

Overview e-Studio provided by TOSHIBA TEC CORPORATION is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Impact If the administrator views a malicious page while logged in...

6.8CVSS6.8AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 4:40 a.m.•3 views

Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)

Overview Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service DoS vulnerability. Impact An attacker may cause a denial-of-service on a server that is...

7.8CVSS6.7AI score0.02334EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 4:35 a.m.•3 views

Cybozu Remote Service Manager vulnerable to session fixation

Overview Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As...

6.8CVSS6.8AI score0.01734EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 3:39 a.m.•2 views

AndExplorer vulnerable to directory traversal

Overview AndExplorer provided by LYSESOFT contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.4CVSS7AI score0.01521EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 12:0 a.m.•34 views

JVN#00058727: Cybozu Remote Service Manager vulnerable to session fixation

Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As a result...

6.8CVSS6.5AI score0.01734EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 12:0 a.m.•22 views

JVN#22670349: AndExplorer vulnerable to directory traversal

AndExplorer provided by LYSESOFT contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...

6.4CVSS6.7AI score0.01521EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 12:0 a.m.•41 views

JVN#13313061: TOSHIBA TEC e-Studio series vulnerable to cross-site request forgery

e-Studio provided by TOSHIBA TEC CORPORATION is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Impact If the administrator views a malicious page while logged into the...

6.8CVSS6.5AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 12:0 a.m.•37 views

JVN#10319260: Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)

Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service DoS vulnerability. Impact An attacker may cause a denial-of-service on a server that is installed Remo...

7.8CVSS6AI score0.02334EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/16 6:6 a.m.•4 views

Redmine vulnerable to open redirect

Overview Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.8CVSS6.8AI score0.02716EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/16 12:0 a.m.•32 views

JVN#93004610: Redmine vulnerable to open redirect

Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter. Impact A user who logs into Redmine may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Upda...

5.8CVSS7.2AI score0.02716EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/14 4:45 a.m.•5 views

Content Provider in CamiApp for Android fails to restrict access permissions

Overview The Content Provider in CamiApp for Android provided by KOKUYO S Co.,Ltd. contains an issue where access permissions are not restricted. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

5.8CVSS6.4AI score0.01083EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/14 12:0 a.m.•25 views

JVN#55438786: Content Provider in CamiApp for Android fails to restrict access permissions

The Content Provider in CamiApp for Android provided by KOKUYO S&T Co.,Ltd. contains an issue where access permissions are not restricted. Impact If a user of the affected product uses another malicious Android application, information stored in the database may be obtained or altered. Solution...

5.8CVSS6.1AI score0.01083EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/11 4:43 a.m.•3 views

SD Card Manager vulnerable to directory traversal

Overview SD Card Manager provided by apps4u@android contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.8CVSS7.1AI score0.01152EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/11 12:0 a.m.•28 views

JVN#47386847: SD Card Manager vulnerable to directory traversal

SD Card Manager provided by apps4u@android contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

5.8CVSS6.9AI score0.01152EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/20 5:5 a.m.•1 views

ES File Explorer vulnerable to directory traversal

Overview ES File Explorer provided by ES APP Group contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.8CVSS7AI score0.01388EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/20 5:2 a.m.•5 views

Silex vulnerable to cross-site scripting

Overview Silex is a software to build websites. Silex contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be execute...

4.3CVSS6AI score0.01161EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/20 12:0 a.m.•32 views

JVN#14282890: Silex vulnerable to cross-site scripting

Silex is a software to build websites. Silex contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the developer. Products Affected Silex...

4.3CVSS5.8AI score0.01161EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/20 12:0 a.m.•26 views

JVN#70029459: ES File Explorer vulnerable to directory traversal

ES File Explorer provided by ES APP Group contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

5.8CVSS6.5AI score0.01388EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/18 5:9 a.m.•3 views

sp mode mail vulnerability where Java methods may be executed

Overview sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail. Hironori Tokuta reported this vulnerability to IPA. JPCERT/CC coordinated wi...

6.8CVSS6.8AI score0.01696EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/18 5:8 a.m.•3 views

sp mode mail issue where emails in the process of creation may be accessed

Overview sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Androi...

4.3CVSS6.7AI score0.00893EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/18 5:7 a.m.•2 views

sp mode mail issue when accessing attachments in incoming mail

Overview sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. Satoru Takekoshi reported this vulnerability to IPA. JPCERT/CC coordinated...

4.3CVSS6.8AI score0.00893EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/18 12:0 a.m.•36 views

JVN#89260331: sp mode mail vulnerability where Java methods may be executed

sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail. Impact When a specially crafted email is opened, an arbitrary Java method that can be...

6.8CVSS6.6AI score0.01696EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/18 12:0 a.m.•36 views

JVN#05951929: sp mode mail issue where emails in the process of creation may be accessed

sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android...

4.3CVSS6.6AI score0.00893EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/18 12:0 a.m.•40 views

JVN#81739241: sp mode mail issue when accessing attachments in incoming mail

sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. Impact If a malicious Android application is installed on the device, attachments for...

4.3CVSS6.3AI score0.00893EPSS
Exploits0
Total number of security vulnerabilities5625