Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for IIJ SmartKey by Internet Initiative Japan Inc.

    CVE-2022-41986 (GCVE-0-2022-41986)

    Vulnerability from nvd – Published: 2022-10-24 00:00 – Updated: 2025-05-07 16:14
    VLAI
    Summary
    Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Internet Initiative Japan Inc. IIJ SmartKey Affected: versions prior to 2.1.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:39.229Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://play.google.com/store/apps/details?id=jp.ad.iij.smartkey2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN74534998/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41986",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T16:12:13.238597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T16:14:08.390Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IIJ SmartKey",
              "vendor": "Internet Initiative Japan Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 2.1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure vulnerability in Android App \u0027IIJ SmartKey\u0027 versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-24T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://play.google.com/store/apps/details?id=jp.ad.iij.smartkey2"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN74534998/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-41986",
        "datePublished": "2022-10-24T00:00:00.000Z",
        "dateReserved": "2022-10-07T00:00:00.000Z",
        "dateUpdated": "2025-05-07T16:14:08.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41986 (GCVE-0-2022-41986)

    Vulnerability from cvelistv5 – Published: 2022-10-24 00:00 – Updated: 2025-05-07 16:14
    VLAI
    Summary
    Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Internet Initiative Japan Inc. IIJ SmartKey Affected: versions prior to 2.1.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:39.229Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://play.google.com/store/apps/details?id=jp.ad.iij.smartkey2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN74534998/index.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41986",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T16:12:13.238597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T16:14:08.390Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IIJ SmartKey",
              "vendor": "Internet Initiative Japan Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 2.1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure vulnerability in Android App \u0027IIJ SmartKey\u0027 versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-24T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://play.google.com/store/apps/details?id=jp.ad.iij.smartkey2"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN74534998/index.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-41986",
        "datePublished": "2022-10-24T00:00:00.000Z",
        "dateReserved": "2022-10-07T00:00:00.000Z",
        "dateUpdated": "2025-05-07T16:14:08.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2022-000080

    Vulnerability from jvndb - Published: 2022-10-14 13:57 - Updated:2024-06-27 13:40
    Severity
    Summary
    Android App "IIJ SmartKey" vulnerable to information disclosure
    Details
    Android App "IIJ SmartKey" provided by Internet Initiative Japan Inc. contains an information disclosure vulnerability (CWE-200). Naoaki Iwakiri reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000080.html",
      "dc:date": "2024-06-27T13:40+09:00",
      "dcterms:issued": "2022-10-14T13:57+09:00",
      "dcterms:modified": "2024-06-27T13:40+09:00",
      "description": "Android App \"IIJ SmartKey\" provided by Internet Initiative Japan Inc. contains an information disclosure vulnerability (CWE-200).\r\n\r\nNaoaki Iwakiri reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000080.html",
      "sec:cpe": {
        "#text": "cpe:/a:iij:iij_smartkey",
        "@product": "IIJ SmartKey",
        "@vendor": "Internet Initiative Japan Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.6",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000080",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN74534998/index.html",
          "@id": "JVN#74534998",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41986",
          "@id": "CVE-2022-41986",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41986",
          "@id": "CVE-2022-41986",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        }
      ],
      "title": "Android App \"IIJ SmartKey\" vulnerable to information disclosure"
    }

    JVNDB-2018-000047

    Vulnerability from jvndb - Published: 2018-05-11 14:34 - Updated:2019-12-27 18:11
    Severity
    Summary
    IIJ SmartKey App for Android vulnerable to authentication bypass
    Details
    IIJ SmartKey App for Android contains an authentication bypass vulnerability. IIJ SmartKey App for Android provided by Internet Initiative Japan Inc. is an application that enables two-step authentication (two-factor authentication) for a website from an Android device. IIJ SmartKey App for Android contains an authentication bypass vulnerability (CWE-287). Ryo Tateguchi of AndroPlus reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000047.html",
      "dc:date": "2019-12-27T18:11+09:00",
      "dcterms:issued": "2018-05-11T14:34+09:00",
      "dcterms:modified": "2019-12-27T18:11+09:00",
      "description": "IIJ SmartKey App for Android contains an authentication bypass vulnerability.\r\n\r\nIIJ SmartKey App for Android provided by Internet Initiative Japan Inc. is an application that enables two-step authentication (two-factor authentication) for a website from an Android device. IIJ SmartKey App for Android contains an authentication bypass vulnerability (CWE-287).\r\n\r\nRyo Tateguchi of AndroPlus reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000047.html",
      "sec:cpe": {
        "#text": "cpe:/a:iij:iij_smartkey",
        "@product": "IIJ SmartKey",
        "@vendor": "Internet Initiative Japan Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.6",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000047",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN27137002/index.html",
          "@id": "JVN#27137002",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0584",
          "@id": "CVE-2018-0584",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0584",
          "@id": "CVE-2018-0584",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        }
      ],
      "title": "IIJ SmartKey App for Android vulnerable to authentication bypass"
    }