CVE-2016-4838 (GCVE-0-2016-4838)
Vulnerability from cvelistv5
Published
2017-05-12 18:00
Modified
2024-08-06 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unintended operation execution
Summary
The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Money Foward, Inc. | Money Forward |
Version: prior to v7.18.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sourcenext.com/support/i/160725_1"
},
{
"name": "JVN#49343562",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN49343562/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corp.moneyforward.com/info/20160920-mf-android/"
},
{
"name": "93034",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Money Forward",
"vendor": "Money Foward, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to v7.18.0"
}
]
},
{
"product": "Money Forward for The Gunma Bank",
"vendor": "Money Foward, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to v1.2.0"
}
]
},
{
"product": "Money Forward for SHIGA BANK",
"vendor": "Money Foward, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to v1.2.0"
}
]
},
{
"product": "Money Forward for SHIZUOKA BANK",
"vendor": "Money Foward, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to v1.4.0"
}
]
},
{
"product": "Money Forward for SBI Sumishin Net Bank",
"vendor": "Money Foward, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to v1.6.0"
}
]
},
{
"product": "Money Forward for Tokai Tokyo Securities",
"vendor": "Money Foward, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to v1.4.0"
}
]
},
{
"product": "Money Forward for THE TOHO BANK",
"vendor": "Money Foward, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to v1.3.0"
}
]
},
{
"product": "Money Forward for YMFG",
"vendor": "Money Foward, Inc.",
"versions": [
{
"status": "affected",
"version": "prior to v1.5.0"
}
]
},
{
"product": "Money Forward for AppPass",
"vendor": "SOURCENEXT CORPORATION",
"versions": [
{
"status": "affected",
"version": "prior to v7.18.3"
}
]
},
{
"product": "Money Forward for au SMARTPASS",
"vendor": "SOURCENEXT CORPORATION",
"versions": [
{
"status": "affected",
"version": "prior to v7.18.0"
}
]
},
{
"product": "Money Forward for Chou Houdai",
"vendor": "SOURCENEXT CORPORATION",
"versions": [
{
"status": "affected",
"version": "prior to v7.18.3"
}
]
}
],
"datePublic": "2016-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unintended operation execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-15T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sourcenext.com/support/i/160725_1"
},
{
"name": "JVN#49343562",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN49343562/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corp.moneyforward.com/info/20160920-mf-android/"
},
{
"name": "93034",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Money Forward",
"version": {
"version_data": [
{
"version_value": "prior to v7.18.0"
}
]
}
},
{
"product_name": "Money Forward for The Gunma Bank",
"version": {
"version_data": [
{
"version_value": "prior to v1.2.0"
}
]
}
},
{
"product_name": "Money Forward for SHIGA BANK",
"version": {
"version_data": [
{
"version_value": "prior to v1.2.0"
}
]
}
},
{
"product_name": "Money Forward for SHIZUOKA BANK",
"version": {
"version_data": [
{
"version_value": "prior to v1.4.0"
}
]
}
},
{
"product_name": "Money Forward for SBI Sumishin Net Bank",
"version": {
"version_data": [
{
"version_value": "prior to v1.6.0"
}
]
}
},
{
"product_name": "Money Forward for Tokai Tokyo Securities",
"version": {
"version_data": [
{
"version_value": "prior to v1.4.0"
}
]
}
},
{
"product_name": "Money Forward for THE TOHO BANK",
"version": {
"version_data": [
{
"version_value": "prior to v1.3.0"
}
]
}
},
{
"product_name": "Money Forward for YMFG",
"version": {
"version_data": [
{
"version_value": "prior to v1.5.0"
}
]
}
}
]
},
"vendor_name": "Money Foward, Inc."
},
{
"product": {
"product_data": [
{
"product_name": "Money Forward for AppPass",
"version": {
"version_data": [
{
"version_value": "prior to v7.18.3"
}
]
}
},
{
"product_name": "Money Forward for au SMARTPASS",
"version": {
"version_data": [
{
"version_value": "prior to v7.18.0"
}
]
}
},
{
"product_name": "Money Forward for Chou Houdai",
"version": {
"version_data": [
{
"version_value": "prior to v7.18.3"
}
]
}
}
]
},
"vendor_name": "SOURCENEXT CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unintended operation execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sourcenext.com/support/i/160725_1",
"refsource": "MISC",
"url": "http://www.sourcenext.com/support/i/160725_1"
},
{
"name": "JVN#49343562",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN49343562/index.html"
},
{
"name": "http://corp.moneyforward.com/info/20160920-mf-android/",
"refsource": "CONFIRM",
"url": "http://corp.moneyforward.com/info/20160920-mf-android/"
},
{
"name": "93034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4838",
"datePublished": "2017-05-12T18:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:39:26.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…