Search

Find a vulnerability

Search criteria

    1 vulnerability found for Mizuho Direct App by Mizuho Bank, Ltd.

    JVNDB-2018-009387

    Vulnerability from jvndb - Published: 2018-11-19 15:44 - Updated:2019-08-27 16:48
    Severity
    Summary
    Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates
    Details
    Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates. Mizuho Bank Mizuho Direct App for Android provided by Mizuho Bank, Ltd. fails to verify SSL server certificates (CWE-295). Reo Yoshida reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-009387.html",
      "dc:date": "2019-08-27T16:48+09:00",
      "dcterms:issued": "2018-11-19T15:44+09:00",
      "dcterms:modified": "2019-08-27T16:48+09:00",
      "description": "Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates.\r\n\r\nMizuho Bank Mizuho Direct App for Android provided by Mizuho Bank, Ltd. fails to verify SSL server certificates (CWE-295).\r\n\r\nReo Yoshida reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-009387.html",
      "sec:cpe": {
        "#text": "cpe:/a:mizuhobank:mizuho_direct_application",
        "@product": "Mizuho Direct App",
        "@vendor": "Mizuho Bank, Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-009387",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU91640357/index.html",
          "@id": "JVNVU#91640357",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16179",
          "@id": "CVE-2018-16179",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16179",
          "@id": "CVE-2018-16179",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/295.html",
          "@id": "CWE-295",
          "@title": "Improper Certificate Validation(CWE-295)"
        }
      ],
      "title": "Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates"
    }