Search

Find a vulnerability

Search criteria

    6 vulnerabilities by HJ Holdings, Inc.

    CVE-2022-35734 (GCVE-0-2022-35734)

    Vulnerability from nvd – Published: 2022-08-16 07:02 – Updated: 2024-08-03 09:44
    VLAI
    Summary
    'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    HJ Holdings, Inc. 'Hulu / フールー' App for Android Affected: from version 3.0.47 to the version prior to 3.1.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:44:21.866Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN40907489/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for Android",
              "vendor": "HJ Holdings, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "from version 3.0.47 to the version prior to 3.1.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T07:02:16.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN40907489/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-35734",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "from version 3.0.47 to the version prior to 3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HJ Holdings, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN40907489/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN40907489/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-35734",
        "datePublished": "2022-08-16T07:02:16.000Z",
        "dateReserved": "2022-07-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T09:44:21.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34156 (GCVE-0-2022-34156)

    Vulnerability from nvd – Published: 2022-08-16 07:01 – Updated: 2024-08-03 08:16
    VLAI
    Summary
    'Hulu / フールー' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.
    Severity
    No CVSS data available.
    CWE
    • Improper Certificate Validation
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:16:17.132Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN81563390/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for iOS",
              "vendor": "HJ Holdings, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 3.0.81"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Certificate Validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T07:01:18.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN81563390/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-34156",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 3.0.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HJ Holdings, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Certificate Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN81563390/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN81563390/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-34156",
        "datePublished": "2022-08-16T07:01:18.000Z",
        "dateReserved": "2022-07-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:16:17.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35734 (GCVE-0-2022-35734)

    Vulnerability from cvelistv5 – Published: 2022-08-16 07:02 – Updated: 2024-08-03 09:44
    VLAI
    Summary
    'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    HJ Holdings, Inc. 'Hulu / フールー' App for Android Affected: from version 3.0.47 to the version prior to 3.1.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:44:21.866Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN40907489/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for Android",
              "vendor": "HJ Holdings, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "from version 3.0.47 to the version prior to 3.1.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T07:02:16.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN40907489/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-35734",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "from version 3.0.47 to the version prior to 3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HJ Holdings, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN40907489/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN40907489/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-35734",
        "datePublished": "2022-08-16T07:02:16.000Z",
        "dateReserved": "2022-07-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T09:44:21.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34156 (GCVE-0-2022-34156)

    Vulnerability from cvelistv5 – Published: 2022-08-16 07:01 – Updated: 2024-08-03 08:16
    VLAI
    Summary
    'Hulu / フールー' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.
    Severity
    No CVSS data available.
    CWE
    • Improper Certificate Validation
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:16:17.132Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN81563390/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for iOS",
              "vendor": "HJ Holdings, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 3.0.81"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Certificate Validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T07:01:18.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN81563390/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-34156",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 3.0.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HJ Holdings, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "\u0027Hulu / \u30d5\u30fc\u30eb\u30fc\u0027 App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Certificate Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN81563390/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN81563390/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-34156",
        "datePublished": "2022-08-16T07:01:18.000Z",
        "dateReserved": "2022-07-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:16:17.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2022-000060

    Vulnerability from jvndb - Published: 2022-07-28 09:51 - Updated:2024-06-14 12:25
    Severity
    Summary
    "Hulu" App for iOS vulnerable to improper server certificate verification
    Details
    "Hulu" App for iOS provided by HJ Holdings, Inc. is vulnerable to improper server certificate verification (CWE-295). Shungo Kumasaka of GMO Cyber Security by IERAE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000060.html",
      "dc:date": "2024-06-14T12:25+09:00",
      "dcterms:issued": "2022-07-28T09:51+09:00",
      "dcterms:modified": "2024-06-14T12:25+09:00",
      "description": "\"Hulu\" App for iOS provided by HJ Holdings, Inc. is vulnerable to improper server certificate verification (CWE-295).\r\n\r\nShungo Kumasaka of GMO Cyber Security by IERAE reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000060.html",
      "sec:cpe": {
        "#text": "cpe:/a:hjholdings:hulu",
        "@product": "Hulu",
        "@vendor": "HJ Holdings, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000060",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN81563390/index.html",
          "@id": "JVN#81563390",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-34156",
          "@id": "CVE-2022-34156",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-34156",
          "@id": "CVE-2022-34156",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "\"Hulu\" App for iOS vulnerable to improper server certificate verification"
    }

    JVNDB-2022-000059

    Vulnerability from jvndb - Published: 2022-07-28 09:14 - Updated:2024-06-14 14:42
    Severity
    Summary
    "Hulu" App for Android uses a hard-coded API key for an external service
    Details
    "Hulu" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service (CWE-798). Ryo Sato of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000059.html",
      "dc:date": "2024-06-14T14:42+09:00",
      "dcterms:issued": "2022-07-28T09:14+09:00",
      "dcterms:modified": "2024-06-14T14:42+09:00",
      "description": "\"Hulu\" App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service (CWE-798).\r\n\r\nRyo Sato of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000059.html",
      "sec:cpe": {
        "#text": "cpe:/a:hjholdings:hulu",
        "@product": "Hulu",
        "@vendor": "HJ Holdings, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.1",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000059",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN40907489/index.html",
          "@id": "JVN#40907489",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-35734",
          "@id": "CVE-2022-35734",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-35734",
          "@id": "CVE-2022-35734",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "\"Hulu\" App for Android uses a hard-coded API key for an external service"
    }