Mobile Application Vulnerability in Cybozu kintone for Android
CVE-2016-1185

2.5LOW

Key Information:

Vendor

Cybozu
Status
Kintone
Vendor
CVE Published:
25 April 2016

What is CVE-2016-1185?

The Cybozu kintone mobile application for Android prior to version 1.0.6 contains a vulnerability that allows attackers to expose an authentication token by using a specially crafted application. This exposure could enable unauthorized access to user accounts and sensitive information, raising significant security concerns for users of the application.

References

http://jvn.jp/en/jp/JVN89026267/index.html
third-party-advisoryx_refsource_JVN
http://www.securityfocus.com/bid/96842
vdb-entryx_refsource_BID
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055
third-party-advisoryx_refsource_JVNDB

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.