CVE-2016-1185 — LOW (2.5) — White Hats Nepal

Vulnerability Description

The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.

CVSS Score

2.5

LOW

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cybozu	Kintone	1.0.0

Related Weaknesses (CWE)

CWE-200

References

http://jvn.jp/en/jp/JVN89026267/index.htmlVendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055Vendor Advisory
http://www.securityfocus.com/bid/96842
https://support.cybozu.com/ja-jp/article/9479Vendor Advisory
http://jvn.jp/en/jp/JVN89026267/index.htmlVendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000055Vendor Advisory
http://www.securityfocus.com/bid/96842
https://support.cybozu.com/ja-jp/article/9479Vendor Advisory

FAQ

What is CVE-2016-1185?

CVE-2016-1185 is a vulnerability with a CVSS score of 2.5 (LOW). The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.

How severe is CVE-2016-1185?

CVE-2016-1185 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1185?

Check the references section above for vendor advisories and patch information. Affected products include: Cybozu Kintone.