Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Toyoko Inn official App for Android by Toyoko Inn IT Solution Co., Ltd.
CVE-2024-27440 (GCVE-0-2024-27440)
Vulnerability from nvd – Published: 2024-03-13 05:40 – Updated: 2024-08-05 13:41
VLAI
EPSS
VEX
Summary
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Improper server certificate verification
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Toyoko Inn IT Solution Co., Ltd. | Toyoko Inn official App for iOS |
Affected:
prior to 1.13.0
|
|
| Toyoko Inn IT Solution Co., Ltd. | Toyoko Inn official App for Android |
Affected:
prior 1.3.14
|
|
| toyoko_inn | toyoko_inn |
Affected:
0 , < 1.13.0
(custom)
cpe:2.3:a:toyoko_inn:toyoko_inn:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN52919306/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:toyoko_inn:toyoko_inn:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "toyoko_inn",
"vendor": "toyoko_inn",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T14:30:43.556851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T13:41:39.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Toyoko Inn official App for iOS",
"vendor": "Toyoko Inn IT Solution Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to 1.13.0"
}
]
},
{
"product": "Toyoko Inn official App for Android",
"vendor": "Toyoko Inn IT Solution Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior 1.3.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don\u0027t properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper server certificate verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T05:40:22.838Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270"
},
{
"url": "https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid"
},
{
"url": "https://jvn.jp/en/jp/JVN52919306/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-27440",
"datePublished": "2024-03-13T05:40:22.838Z",
"dateReserved": "2024-02-26T01:49:51.712Z",
"dateUpdated": "2024-08-05T13:41:39.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27440 (GCVE-0-2024-27440)
Vulnerability from cvelistv5 – Published: 2024-03-13 05:40 – Updated: 2024-08-05 13:41
VLAI
EPSS
VEX
Summary
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Improper server certificate verification
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Toyoko Inn IT Solution Co., Ltd. | Toyoko Inn official App for iOS |
Affected:
prior to 1.13.0
|
|
| Toyoko Inn IT Solution Co., Ltd. | Toyoko Inn official App for Android |
Affected:
prior 1.3.14
|
|
| toyoko_inn | toyoko_inn |
Affected:
0 , < 1.13.0
(custom)
cpe:2.3:a:toyoko_inn:toyoko_inn:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN52919306/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:toyoko_inn:toyoko_inn:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "toyoko_inn",
"vendor": "toyoko_inn",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T14:30:43.556851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T13:41:39.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Toyoko Inn official App for iOS",
"vendor": "Toyoko Inn IT Solution Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to 1.13.0"
}
]
},
{
"product": "Toyoko Inn official App for Android",
"vendor": "Toyoko Inn IT Solution Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior 1.3.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don\u0027t properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper server certificate verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T05:40:22.838Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270"
},
{
"url": "https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid"
},
{
"url": "https://jvn.jp/en/jp/JVN52919306/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-27440",
"datePublished": "2024-03-13T05:40:22.838Z",
"dateReserved": "2024-02-26T01:49:51.712Z",
"dateUpdated": "2024-08-05T13:41:39.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}