Search
Find a vulnerability
Search criteria
4 vulnerabilities by AKINDO SUSHIRO CO., LTD.
CVE-2023-22362 (GCVE-0-2023-22362)
Vulnerability from nvd – Published: 2023-02-13 00:00 – Updated: 2025-03-21 14:32
VLAI
Summary
SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Insertion of sensitive information into log file
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AKINDO SUSHIRO CO., LTD. | SUSHIRO App for Android |
Affected:
SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN84642320/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T14:30:48.588374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:32:31.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SUSHIRO App for Android",
"vendor": "AKINDO SUSHIRO CO., LTD.",
"versions": [
{
"status": "affected",
"version": "SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of sensitive information into log file",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp"
},
{
"url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp"
},
{
"url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp"
},
{
"url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp"
},
{
"url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp"
},
{
"url": "https://jvn.jp/en/jp/JVN84642320/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22362",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T14:32:31.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22362 (GCVE-0-2023-22362)
Vulnerability from cvelistv5 – Published: 2023-02-13 00:00 – Updated: 2025-03-21 14:32
VLAI
Summary
SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Insertion of sensitive information into log file
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AKINDO SUSHIRO CO., LTD. | SUSHIRO App for Android |
Affected:
SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN84642320/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T14:30:48.588374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:32:31.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SUSHIRO App for Android",
"vendor": "AKINDO SUSHIRO CO., LTD.",
"versions": [
{
"status": "affected",
"version": "SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of sensitive information into log file",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp"
},
{
"url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp"
},
{
"url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp"
},
{
"url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp"
},
{
"url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp"
},
{
"url": "https://jvn.jp/en/jp/JVN84642320/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22362",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T14:32:31.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2023-000011
Vulnerability from jvndb - Published: 2023-01-31 14:10 - Updated:2024-06-11 17:35
Severity
Summary
SUSHIRO App for Android outputs sensitive information to the log file
Details
SUSHIRO App for Android provided by AKINDO SUSHIRO CO., LTD. outputs sensitive information to the log file (CWE-532).
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000011.html",
"dc:date": "2024-06-11T17:35+09:00",
"dcterms:issued": "2023-01-31T14:10+09:00",
"dcterms:modified": "2024-06-11T17:35+09:00",
"description": "SUSHIRO App for Android provided by AKINDO SUSHIRO CO., LTD. outputs sensitive information to the log file (CWE-532).",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000011.html",
"sec:cpe": [
{
"#text": "cpe:/a:akindo-sushiro:hong_kong_sushiro",
"@product": "Hong Kong SUSHIRO",
"@vendor": "AKINDO SUSHIRO CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:akindo-sushiro:singapore_sushiro",
"@product": "Singapore SUSHIRO",
"@vendor": "AKINDO SUSHIRO CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:akindo-sushiro:sushiro",
"@product": "SUSHIRO",
"@vendor": "AKINDO SUSHIRO CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:akindo-sushiro:taiwan_sushiro",
"@product": "Taiwan SUSHIRO",
"@vendor": "AKINDO SUSHIRO CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:akindo-sushiro:thailand_sushiro",
"@product": "Thailand SUSHIRO",
"@vendor": "AKINDO SUSHIRO CO., LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000011",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN84642320/index.html",
"@id": "JVN#84642320",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22362",
"@id": "CVE-2023-22362",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22362",
"@id": "CVE-2023-22362",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "SUSHIRO App for Android outputs sensitive information to the log file"
}
JVNDB-2016-000122
Vulnerability from jvndb - Published: 2016-06-29 14:27 - Updated:2017-05-23 14:28
Severity
Summary
Sushiro App fails to verify SSL server certificates
Details
Sushiro App provided by AKINDO SUSHIRO CO., LTD. fails to verify SSL server certificates.
Yuta Teshima of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000122.html",
"dc:date": "2017-05-23T14:28+09:00",
"dcterms:issued": "2016-06-29T14:27+09:00",
"dcterms:modified": "2017-05-23T14:28+09:00",
"description": "Sushiro App provided by AKINDO SUSHIRO CO., LTD. fails to verify SSL server certificates.\r\n\r\nYuta Teshima of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000122.html",
"sec:cpe": {
"#text": "cpe:/a:akindo-sushiro:sushiro",
"@product": "SUSHIRO",
"@vendor": "AKINDO SUSHIRO CO., LTD.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000122",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN30260727/index.html",
"@id": "JVN#30260727",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4830",
"@id": "CVE-2016-4830",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4830",
"@id": "CVE-2016-4830",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Sushiro App fails to verify SSL server certificates"
}