Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability found for Mizuho Direct App by Mizuho Bank, Ltd.

JVNDB-2018-009387

Vulnerability from jvndb - Published: 2018-11-19 15:44 - Updated:2019-08-27 16:48
Severity ?
4.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates
Details
Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates. Mizuho Bank Mizuho Direct App for Android provided by Mizuho Bank, Ltd. fails to verify SSL server certificates (CWE-295). Reo Yoshida reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-009387.html",
  "dc:date": "2019-08-27T16:48+09:00",
  "dcterms:issued": "2018-11-19T15:44+09:00",
  "dcterms:modified": "2019-08-27T16:48+09:00",
  "description": "Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates.\r\n\r\nMizuho Bank Mizuho Direct App for Android provided by Mizuho Bank, Ltd. fails to verify SSL server certificates (CWE-295).\r\n\r\nReo Yoshida reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-009387.html",
  "sec:cpe": {
    "#text": "cpe:/a:mizuhobank:mizuho_direct_application",
    "@product": "Mizuho Direct App",
    "@vendor": "Mizuho Bank, Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-009387",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU91640357/index.html",
      "@id": "JVNVU#91640357",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16179",
      "@id": "CVE-2018-16179",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16179",
      "@id": "CVE-2018-16179",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/295.html",
      "@id": "CWE-295",
      "@title": "Improper Certificate Validation(CWE-295)"
    }
  ],
  "title": "Mizuho Bank Mizuho Direct App for Android fails to verify SSL server certificates"
}