Search

Find a vulnerability

Search criteria

    1 vulnerability found for ABEMA by AbemaTV, Inc.

    JVNDB-2024-000031

    Vulnerability from jvndb - Published: 2024-03-15 16:37 - Updated:2024-03-15 16:37
    Severity
    Summary
    "ABEMA" App for Android fails to restrict access permissions
    Details
    "ABEMA" App for Android provided by AbemaTV, Inc. fails to restrict access permissions (CWE-926) that allows another app installed on the user's device to access an arbitrary URL on "ABEMA" App via Intent. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000031.html",
      "dc:date": "2024-03-15T16:37+09:00",
      "dcterms:issued": "2024-03-15T16:37+09:00",
      "dcterms:modified": "2024-03-15T16:37+09:00",
      "description": "\"ABEMA\" App for Android provided by AbemaTV, Inc. fails to restrict access permissions (CWE-926) that allows another app installed on the user\u0027s device to access an arbitrary URL on \"ABEMA\" App via Intent.\r\n\r\nShiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000031.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:abematv_abema",
        "@product": "ABEMA",
        "@vendor": "AbemaTV, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-000031",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN70640802/index.html",
          "@id": "JVN#70640802",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28745",
          "@id": "CVE-2024-28745",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "\"ABEMA\" App for Android fails to restrict access permissions"
    }