cvelistv5 - CVE-2016-4839

CVE-2016-4839 (GCVE-0-2016-4839)

Vulnerability from cvelistv5

Published

2017-05-12 18:00

Modified

2024-08-06 00:39

Severity ?

CWE

WebView implmentation issue

Summary

The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.

References

URL

Tags

vultures@jpcert.or.jp	http://corp.moneyforward.com/info/20160920-mf-android/	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.securityfocus.com/bid/93035	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.sourcenext.com/support/i/160725_1	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN61297210/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://corp.moneyforward.com/info/20160920-mf-android/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93035	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.sourcenext.com/support/i/160725_1	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN61297210/index.html	Third Party Advisory, VDB Entry

Impacted products

Vendor

Product

Version

Money Foward, Inc.

Money Forward

Version: prior to v7.18.0

Money Foward, Inc.	Money Forward for The Gunma Bank	Version: prior to v1.2.0
Money Foward, Inc.	Money Forward for SHIGA BANK	Version: prior to v1.2.0
Money Foward, Inc.	Money Forward for SHIZUOKA BANK	Version: prior to v1.4.0
Money Foward, Inc.	Money Forward for SBI Sumishin Net Bank	Version: prior to v1.6.0
Money Foward, Inc.	Money Forward for Tokai Tokyo Securities	Version: prior to v1.4.0
Money Foward, Inc.	Money Forward for THE TOHO BANK	Version: prior to v1.3.0
Money Foward, Inc.	Money Forward for YMFG	Version: prior to v1.5.0
SOURCENEXT CORPORATION	Money Forward for AppPass	Version: prior to v7.18.3
SOURCENEXT CORPORATION	Money Forward for au SMARTPASS	Version: prior to v7.18.0
SOURCENEXT CORPORATION	Money Forward for Chou Houdai	Version: prior to v7.18.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:39:26.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sourcenext.com/support/i/160725_1"
          },
          {
            "name": "93035",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93035"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://corp.moneyforward.com/info/20160920-mf-android/"
          },
          {
            "name": "JVN#61297210",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN61297210/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Money Forward",
          "vendor": "Money Foward, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v7.18.0"
            }
          ]
        },
        {
          "product": "Money Forward for The Gunma Bank",
          "vendor": "Money Foward, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v1.2.0"
            }
          ]
        },
        {
          "product": "Money Forward for SHIGA BANK",
          "vendor": "Money Foward, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v1.2.0"
            }
          ]
        },
        {
          "product": "Money Forward for SHIZUOKA BANK",
          "vendor": "Money Foward, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v1.4.0"
            }
          ]
        },
        {
          "product": "Money Forward for SBI Sumishin Net Bank",
          "vendor": "Money Foward, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v1.6.0"
            }
          ]
        },
        {
          "product": "Money Forward for Tokai Tokyo Securities",
          "vendor": "Money Foward, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v1.4.0"
            }
          ]
        },
        {
          "product": "Money Forward for THE TOHO BANK",
          "vendor": "Money Foward, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v1.3.0"
            }
          ]
        },
        {
          "product": "Money Forward for YMFG",
          "vendor": "Money Foward, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v1.5.0"
            }
          ]
        },
        {
          "product": "Money Forward for AppPass",
          "vendor": "SOURCENEXT CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v7.18.3"
            }
          ]
        },
        {
          "product": "Money Forward for au SMARTPASS",
          "vendor": "SOURCENEXT CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v7.18.0"
            }
          ]
        },
        {
          "product": "Money Forward for Chou Houdai",
          "vendor": "SOURCENEXT CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v7.18.3"
            }
          ]
        }
      ],
      "datePublic": "2016-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "WebView implmentation issue",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-15T09:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sourcenext.com/support/i/160725_1"
        },
        {
          "name": "93035",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93035"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://corp.moneyforward.com/info/20160920-mf-android/"
        },
        {
          "name": "JVN#61297210",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN61297210/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-4839",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Money Forward",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Money Forward for The Gunma Bank",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v1.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Money Forward for SHIGA BANK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v1.2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Money Forward for SHIZUOKA BANK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v1.4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Money Forward for SBI Sumishin Net Bank",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v1.6.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Money Forward for Tokai Tokyo Securities",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v1.4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Money Forward for THE TOHO BANK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v1.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Money Forward for YMFG",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v1.5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Money Foward, Inc."
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Money Forward for AppPass",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v7.18.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Money Forward for au SMARTPASS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Money Forward for Chou Houdai",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v7.18.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SOURCENEXT CORPORATION"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "WebView implmentation issue"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sourcenext.com/support/i/160725_1",
              "refsource": "MISC",
              "url": "http://www.sourcenext.com/support/i/160725_1"
            },
            {
              "name": "93035",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93035"
            },
            {
              "name": "http://corp.moneyforward.com/info/20160920-mf-android/",
              "refsource": "CONFIRM",
              "url": "http://corp.moneyforward.com/info/20160920-mf-android/"
            },
            {
              "name": "JVN#61297210",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN61297210/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-4839",
    "datePublished": "2017-05-12T18:00:00",
    "dateReserved": "2016-05-17T00:00:00",
    "dateUpdated": "2024-08-06T00:39:26.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-4839\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2017-05-12T18:29:00.233\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.\"},{\"lang\":\"es\",\"value\":\"Las Apps de Android Money Forward (anteriores a la v7.18.0), Money Forward para Gunma Bank (anteriores a la v1.2.0), Money Forward para SHIGA BANK (anteriores a la v1.2.0), Money Forward para SHIZUOKA BANK (anteriores a la v1.4.0), Money Forward para SBI Sumishin Net Bank (anteriores a la v1.6.0), Money Forward pra Tokai Tokyo Securities (anteriores a la v1.4.0), Money Forward para THE TOHO BANK (anteriores a la v1.3.0), Money Forward para YMFG (anteriores a la v1.5.0) proporcionada por Money Forward, Inc. y Money Forward para AppPass (anteriores a la v7.18.3), Money Forward para au SMARTPASS (anteriores a la v7.18.0), Money Forward para Chou Houdai (anteriores a la v7.18.3) proporcionada por SOURCENEXT CORPORATION no implementan correctamente la clase WebView, lo que permite a un atacante revelar informaci\u00f3n almacenada en el dispositivo a trav\u00e9s de una aplicaci\u00f3n especialmente manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moneyforward:money_forward_for_apppass:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"7.18.3\",\"matchCriteriaId\":\"83FADA68-143E-4C45-8779-6AEC146AE1D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moneyforward:money_forward_for_au_smartpass:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"7.18.0\",\"matchCriteriaId\":\"4CEF1CE6-342D-42A5-A021-F705036C083E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moneyforward:money_forward_for_chou_houdai:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"7.18.3\",\"matchCriteriaId\":\"26E2602A-89AC-4AA4-8081-A091EC4ACDD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moneyforward:money_forward_for_sbi_sumishin_net_bank:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"1.6.0\",\"matchCriteriaId\":\"1A4FECCD-9F04-47A4-9390-97373D7762C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moneyforward:money_forward_for_shiga_bank:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"1.2.0\",\"matchCriteriaId\":\"283B2CE2-A1FD-41CE-904A-AA1E39B5E4BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moneyforward:money_forward_for_shizuoka_bank:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"1.4.0\",\"matchCriteriaId\":\"250435CC-B732-45FC-BD24-258C94F70DCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moneyforward:money_forward_for_the_gunma_bank:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"1.2.0\",\"matchCriteriaId\":\"89B4F529-A40F-428B-8693-EB3B8DCC91AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moneyforward:money_forward_for_the_toho_bank:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"1.3.0\",\"matchCriteriaId\":\"81579A14-9065-4005-8A21-0BAF609F270D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moneyforward:money_forward_for_tokai_tokyo_securities:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"1.4.0\",\"matchCriteriaId\":\"D054BF25-422B-4F23-9003-C4E653308BE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moneyforward:money_forward_for_ymfg:*:*:*:*:*:android:*:*\",\"versionEndExcluding\":\"1.5.0\",\"matchCriteriaId\":\"9982DA7F-E4EF-48FC-9F26-EE5EC0C267BA\"}]}]}],\"references\":[{\"url\":\"http://corp.moneyforward.com/info/20160920-mf-android/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/93035\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.sourcenext.com/support/i/160725_1\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jvn.jp/en/jp/JVN61297210/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://corp.moneyforward.com/info/20160920-mf-android/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/93035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.sourcenext.com/support/i/160725_1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jvn.jp/en/jp/JVN61297210/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

gsd-2016-4839

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-4839

Aliases

CVE-2016-4839

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4839",
    "description": "The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.",
    "id": "GSD-2016-4839"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4839"
      ],
      "details": "The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.",
      "id": "GSD-2016-4839",
      "modified": "2023-12-13T01:21:18.720546Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2016-4839",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Money Forward",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v7.18.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Money Forward for The Gunma Bank",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v1.2.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Money Forward for SHIGA BANK",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v1.2.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Money Forward for SHIZUOKA BANK",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v1.4.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Money Forward for SBI Sumishin Net Bank",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v1.6.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Money Forward for Tokai Tokyo Securities",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v1.4.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Money Forward for THE TOHO BANK",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v1.3.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Money Forward for YMFG",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v1.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Money Foward, Inc."
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Money Forward for AppPass",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v7.18.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Money Forward for au SMARTPASS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v7.18.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Money Forward for Chou Houdai",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "prior to v7.18.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SOURCENEXT CORPORATION"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "WebView implmentation issue"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.sourcenext.com/support/i/160725_1",
            "refsource": "MISC",
            "url": "http://www.sourcenext.com/support/i/160725_1"
          },
          {
            "name": "93035",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93035"
          },
          {
            "name": "http://corp.moneyforward.com/info/20160920-mf-android/",
            "refsource": "CONFIRM",
            "url": "http://corp.moneyforward.com/info/20160920-mf-android/"
          },
          {
            "name": "JVN#61297210",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN61297210/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:moneyforward:money_forward_for_apppass:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.18.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moneyforward:money_forward_for_au_smartpass:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.18.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moneyforward:money_forward_for_chou_houdai:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.18.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moneyforward:money_forward_for_sbi_sumishin_net_bank:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moneyforward:money_forward_for_shiga_bank:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moneyforward:money_forward_for_shizuoka_bank:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moneyforward:money_forward_for_the_gunma_bank:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moneyforward:money_forward_for_the_toho_bank:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moneyforward:money_forward_for_tokai_tokyo_securities:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moneyforward:money_forward_for_ymfg:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-4839"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#61297210",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN61297210/index.html"
            },
            {
              "name": "http://www.sourcenext.com/support/i/160725_1",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.sourcenext.com/support/i/160725_1"
            },
            {
              "name": "http://corp.moneyforward.com/info/20160920-mf-android/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://corp.moneyforward.com/info/20160920-mf-android/"
            },
            {
              "name": "93035",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93035"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-05-12T16:24Z",
      "publishedDate": "2017-05-12T18:29Z"
    }
  }
}

ghsa-h25f-2g8f-4527

Vulnerability from github

Published

2022-05-13 01:10

Modified

2025-04-20 03:37

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4839"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-12T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.",
  "id": "GHSA-h25f-2g8f-4527",
  "modified": "2025-04-20T03:37:38Z",
  "published": "2022-05-13T01:10:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4839"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN61297210/index.html"
    },
    {
      "type": "WEB",
      "url": "http://corp.moneyforward.com/info/20160920-mf-android"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93035"
    },
    {
      "type": "WEB",
      "url": "http://www.sourcenext.com/support/i/160725_1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2016-4839

Vulnerability from jvndb

Published

2016-09-20 15:19

Modified

2017-11-27 18:01

Severity ?

4.4 (Medium) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Summary

Money Forward Apps for Android vulnerable in the WebView class

Details

Money Forward Apps for Android contain a vulnerability in the WebView class. Kenta Suefusa, Akinori Konishi and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN61297210/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4839
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4839
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Money Forward, Inc.	Money Forward
	SOURCENEXT CORPORATION	Money Forward

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000160.html",
  "dc:date": "2017-11-27T18:01+09:00",
  "dcterms:issued": "2016-09-20T15:19+09:00",
  "dcterms:modified": "2017-11-27T18:01+09:00",
  "description": "Money Forward Apps for Android contain a vulnerability in the WebView class.\r\n\r\nKenta Suefusa, Akinori Konishi and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000160.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:money_forward_inc:money_forward",
      "@product": "Money Forward",
      "@vendor": "Money Forward, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sourcenext:money_forward",
      "@product": "Money Forward",
      "@vendor": "SOURCENEXT CORPORATION",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000160",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN61297210/index.html",
      "@id": "JVN#61297210",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4839",
      "@id": "CVE-2016-4839",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4839",
      "@id": "CVE-2016-4839",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Money Forward Apps for Android vulnerable in the WebView class"
}

fkie_cve-2016-4839

Vulnerability from fkie_nvd

Published

2017-05-12 18:29

Modified

2025-04-20 01:37

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://corp.moneyforward.com/info/20160920-mf-android/	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.securityfocus.com/bid/93035	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.sourcenext.com/support/i/160725_1	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN61297210/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://corp.moneyforward.com/info/20160920-mf-android/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93035	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.sourcenext.com/support/i/160725_1	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN61297210/index.html	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
moneyforward	money_forward_for_apppass	*
moneyforward	money_forward_for_au_smartpass	*
moneyforward	money_forward_for_chou_houdai	*
moneyforward	money_forward_for_sbi_sumishin_net_bank	*
moneyforward	money_forward_for_shiga_bank	*
moneyforward	money_forward_for_shizuoka_bank	*
moneyforward	money_forward_for_the_gunma_bank	*
moneyforward	money_forward_for_the_toho_bank	*
moneyforward	money_forward_for_tokai_tokyo_securities	*
moneyforward	money_forward_for_ymfg	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:moneyforward:money_forward_for_apppass:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "83FADA68-143E-4C45-8779-6AEC146AE1D7",
              "versionEndExcluding": "7.18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moneyforward:money_forward_for_au_smartpass:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "4CEF1CE6-342D-42A5-A021-F705036C083E",
              "versionEndExcluding": "7.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moneyforward:money_forward_for_chou_houdai:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "26E2602A-89AC-4AA4-8081-A091EC4ACDD4",
              "versionEndExcluding": "7.18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moneyforward:money_forward_for_sbi_sumishin_net_bank:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "1A4FECCD-9F04-47A4-9390-97373D7762C7",
              "versionEndExcluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moneyforward:money_forward_for_shiga_bank:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "283B2CE2-A1FD-41CE-904A-AA1E39B5E4BD",
              "versionEndExcluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moneyforward:money_forward_for_shizuoka_bank:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "250435CC-B732-45FC-BD24-258C94F70DCB",
              "versionEndExcluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moneyforward:money_forward_for_the_gunma_bank:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "89B4F529-A40F-428B-8693-EB3B8DCC91AA",
              "versionEndExcluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moneyforward:money_forward_for_the_toho_bank:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "81579A14-9065-4005-8A21-0BAF609F270D",
              "versionEndExcluding": "1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moneyforward:money_forward_for_tokai_tokyo_securities:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "D054BF25-422B-4F23-9003-C4E653308BE4",
              "versionEndExcluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moneyforward:money_forward_for_ymfg:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "9982DA7F-E4EF-48FC-9F26-EE5EC0C267BA",
              "versionEndExcluding": "1.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application."
    },
    {
      "lang": "es",
      "value": "Las Apps de Android Money Forward (anteriores a la v7.18.0), Money Forward para Gunma Bank (anteriores a la v1.2.0), Money Forward para SHIGA BANK (anteriores a la v1.2.0), Money Forward para SHIZUOKA BANK (anteriores a la v1.4.0), Money Forward para SBI Sumishin Net Bank (anteriores a la v1.6.0), Money Forward pra Tokai Tokyo Securities (anteriores a la v1.4.0), Money Forward para THE TOHO BANK (anteriores a la v1.3.0), Money Forward para YMFG (anteriores a la v1.5.0) proporcionada por Money Forward, Inc. y Money Forward para AppPass (anteriores a la v7.18.3), Money Forward para au SMARTPASS (anteriores a la v7.18.0), Money Forward para Chou Houdai (anteriores a la v7.18.3) proporcionada por SOURCENEXT CORPORATION no implementan correctamente la clase WebView, lo que permite a un atacante revelar informaci\u00f3n almacenada en el dispositivo a trav\u00e9s de una aplicaci\u00f3n especialmente manipulada."
    }
  ],
  "id": "CVE-2016-4839",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-12T18:29:00.233",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://corp.moneyforward.com/info/20160920-mf-android/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93035"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.sourcenext.com/support/i/160725_1"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN61297210/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://corp.moneyforward.com/info/20160920-mf-android/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.sourcenext.com/support/i/160725_1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN61297210/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-4839 (GCVE-0-2016-4839)

Vulnerability from cvelistv5

gsd-2016-4839

Vulnerability from gsd

ghsa-h25f-2g8f-4527

Vulnerability from github

CVE-2016-4839

Vulnerability from jvndb

fkie_cve-2016-4839

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature