Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for kintone by cybozu

    CVE-2020-5573 (GCVE-0-2020-5573)

    Vulnerability from nvd – Published: 2020-05-29 08:40 – Updated: 2024-08-04 08:30
    VLAI
    Summary
    Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.533Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN78745667/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cybozu.support/article/36211/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android App \u0027kintone mobile for Android\u0027",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0 to 2.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Android App \u0027kintone mobile for Android\u0027 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-29T08:40:17.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN78745667/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cybozu.support/article/36211/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5573",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android App \u0027kintone mobile for Android\u0027",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0 to 2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Android App \u0027kintone mobile for Android\u0027 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN78745667/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN78745667/index.html"
                },
                {
                  "name": "https://kb.cybozu.support/article/36211/",
                  "refsource": "MISC",
                  "url": "https://kb.cybozu.support/article/36211/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5573",
        "datePublished": "2020-05-29T08:40:17.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:30:24.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7816 (GCVE-0-2016-7816)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
    VLAI
    Summary
    The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • Fails to verify SSL certificates
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN20252219/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/94547 vdb-entryx_refsource_BID
    https://support.cybozu.com/ja-jp/article/9719 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Cybozu, Inc. kintone mobile for Android Affected: 1.0.6 and earlier
    Create a notification for this product.
    Date Public
    2016-11-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.029Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#20252219",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN20252219/index.html"
              },
              {
                "name": "94547",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94547"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/9719"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kintone mobile for Android",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.6 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-11-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to verify SSL certificates",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#20252219",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN20252219/index.html"
            },
            {
              "name": "94547",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94547"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/9719"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7816",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kintone mobile for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.6 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to verify SSL certificates"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#20252219",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN20252219/index.html"
                },
                {
                  "name": "94547",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94547"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/9719",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/9719"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7816",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:04:56.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1186 (GCVE-0-2016-1186)

    Vulnerability from nvd – Published: 2017-04-21 20:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/97976 vdb-entryx_refsource_BID
    http://jvn.jp/en/jp/JVN91816422/index.html third-party-advisoryx_refsource_JVN
    https://support.cybozu.com/ja-jp/article/9480 x_refsource_CONFIRM
    http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-0… third-party-advisoryx_refsource_JVNDB
    Date Public
    2016-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97976",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97976"
              },
              {
                "name": "JVN#91816422",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN91816422/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/9480"
              },
              {
                "name": "JVNDB-2016-000056",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000056.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-25T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "97976",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97976"
            },
            {
              "name": "JVN#91816422",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN91816422/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/9480"
            },
            {
              "name": "JVNDB-2016-000056",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000056.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97976",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97976"
                },
                {
                  "name": "JVN#91816422",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN91816422/index.html"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/9480",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/9480"
                },
                {
                  "name": "JVNDB-2016-000056",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000056.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1186",
        "datePublished": "2017-04-21T20:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1185 (GCVE-0-2016-1185)

    Vulnerability from nvd – Published: 2016-04-25 18:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN89026267/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/96842 vdb-entryx_refsource_BID
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055 third-party-advisoryx_refsource_JVNDB
    https://support.cybozu.com/ja-jp/article/9479 x_refsource_CONFIRM
    Date Public
    2016-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#89026267",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN89026267/index.html"
              },
              {
                "name": "96842",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96842"
              },
              {
                "name": "JVNDB-2016-000055",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/9479"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-14T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#89026267",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN89026267/index.html"
            },
            {
              "name": "96842",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96842"
            },
            {
              "name": "JVNDB-2016-000055",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/9479"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1185",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#89026267",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN89026267/index.html"
                },
                {
                  "name": "96842",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96842"
                },
                {
                  "name": "JVNDB-2016-000055",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/9479",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/9479"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1185",
        "datePublished": "2016-04-25T18:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5573 (GCVE-0-2020-5573)

    Vulnerability from cvelistv5 – Published: 2020-05-29 08:40 – Updated: 2024-08-04 08:30
    VLAI
    Summary
    Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.533Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN78745667/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kb.cybozu.support/article/36211/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android App \u0027kintone mobile for Android\u0027",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0 to 2.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Android App \u0027kintone mobile for Android\u0027 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-29T08:40:17.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN78745667/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kb.cybozu.support/article/36211/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5573",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android App \u0027kintone mobile for Android\u0027",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0 to 2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Android App \u0027kintone mobile for Android\u0027 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN78745667/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN78745667/index.html"
                },
                {
                  "name": "https://kb.cybozu.support/article/36211/",
                  "refsource": "MISC",
                  "url": "https://kb.cybozu.support/article/36211/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5573",
        "datePublished": "2020-05-29T08:40:17.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:30:24.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7816 (GCVE-0-2016-7816)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
    VLAI
    Summary
    The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • Fails to verify SSL certificates
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN20252219/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/94547 vdb-entryx_refsource_BID
    https://support.cybozu.com/ja-jp/article/9719 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Cybozu, Inc. kintone mobile for Android Affected: 1.0.6 and earlier
    Create a notification for this product.
    Date Public
    2016-11-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.029Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#20252219",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN20252219/index.html"
              },
              {
                "name": "94547",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94547"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/9719"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kintone mobile for Android",
              "vendor": "Cybozu, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.6 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-11-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to verify SSL certificates",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#20252219",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN20252219/index.html"
            },
            {
              "name": "94547",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94547"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/9719"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7816",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kintone mobile for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.6 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cybozu, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to verify SSL certificates"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#20252219",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN20252219/index.html"
                },
                {
                  "name": "94547",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94547"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/9719",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/9719"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7816",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:04:56.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1186 (GCVE-0-2016-1186)

    Vulnerability from cvelistv5 – Published: 2017-04-21 20:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/97976 vdb-entryx_refsource_BID
    http://jvn.jp/en/jp/JVN91816422/index.html third-party-advisoryx_refsource_JVN
    https://support.cybozu.com/ja-jp/article/9480 x_refsource_CONFIRM
    http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-0… third-party-advisoryx_refsource_JVNDB
    Date Public
    2016-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97976",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97976"
              },
              {
                "name": "JVN#91816422",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN91816422/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/9480"
              },
              {
                "name": "JVNDB-2016-000056",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000056.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-25T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "97976",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97976"
            },
            {
              "name": "JVN#91816422",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN91816422/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/9480"
            },
            {
              "name": "JVNDB-2016-000056",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000056.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97976",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97976"
                },
                {
                  "name": "JVN#91816422",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN91816422/index.html"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/9480",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/9480"
                },
                {
                  "name": "JVNDB-2016-000056",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000056.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1186",
        "datePublished": "2017-04-21T20:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1185 (GCVE-0-2016-1185)

    Vulnerability from cvelistv5 – Published: 2016-04-25 18:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN89026267/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/96842 vdb-entryx_refsource_BID
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055 third-party-advisoryx_refsource_JVNDB
    https://support.cybozu.com/ja-jp/article/9479 x_refsource_CONFIRM
    Date Public
    2016-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#89026267",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN89026267/index.html"
              },
              {
                "name": "96842",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96842"
              },
              {
                "name": "JVNDB-2016-000055",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.cybozu.com/ja-jp/article/9479"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-14T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#89026267",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN89026267/index.html"
            },
            {
              "name": "96842",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96842"
            },
            {
              "name": "JVNDB-2016-000055",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.cybozu.com/ja-jp/article/9479"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1185",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#89026267",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN89026267/index.html"
                },
                {
                  "name": "96842",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96842"
                },
                {
                  "name": "JVNDB-2016-000055",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055"
                },
                {
                  "name": "https://support.cybozu.com/ja-jp/article/9479",
                  "refsource": "CONFIRM",
                  "url": "https://support.cybozu.com/ja-jp/article/9479"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1185",
        "datePublished": "2016-04-25T18:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }