MidnightBSD

Advisories for moneyforward

CVE-2016-4838 MEDIUM

The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
moneyforward money_forward_for_apppass *
moneyforward money_forward_for_tokai_tokyo_securities *
moneyforward money_forward_for_au_smartpass *
moneyforward money_forward_for_the_gunma_bank *
moneyforward money_forward_for_ymfg *
moneyforward money_forward_for_chou_houdai *
moneyforward money_forward_for_the_toho_bank *
moneyforward money_forward_for_shiga_bank *
moneyforward money_forward_for_shizuoka_bank *
moneyforward money_forward_for_sbi_sumishin_net_bank *
CVE-2016-4839 MEDIUM

The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
moneyforward money_forward_for_apppass *
moneyforward money_forward_for_tokai_tokyo_securities *
moneyforward money_forward_for_au_smartpass *
moneyforward money_forward_for_the_gunma_bank *
moneyforward money_forward_for_ymfg *
moneyforward money_forward_for_chou_houdai *
moneyforward money_forward_for_the_toho_bank *
moneyforward money_forward_for_shiga_bank *
moneyforward money_forward_for_shizuoka_bank *
moneyforward money_forward_for_sbi_sumishin_net_bank *