CVE-2016-4838 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2016-4838?

CVE-2016-4838 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4838?

Check the references section above for vendor advisories and patch information. Affected products include: Moneyforward Money Forward For Apppass, Moneyforward Money Forward For Au Smartpass, Moneyforward Money Forward For Chou Houdai, Moneyforward Money Forward For Sbi Sumishin Net Bank, Moneyforward Money Forward For Shiga Bank.

Vulnerability Description

The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Moneyforward	Money Forward For Apppass	< 7.18.3
Moneyforward	Money Forward For Au Smartpass	< 7.18.0
Moneyforward	Money Forward For Chou Houdai	< 7.18.3
Moneyforward	Money Forward For Sbi Sumishin Net Bank	< 1.6.0
Moneyforward	Money Forward For Shiga Bank	< 1.2.0
Moneyforward	Money Forward For Shizuoka Bank	< 1.4.0
Moneyforward	Money Forward For The Gunma Bank	< 1.2.0
Moneyforward	Money Forward For The Toho Bank	< 1.3.0
Moneyforward	Money Forward For Tokai Tokyo Securities	< 1.4.0
Moneyforward	Money Forward For Ymfg	< 1.5.0

Related Weaknesses (CWE)

CWE-20

References

http://corp.moneyforward.com/info/20160920-mf-android/Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/93034Third Party AdvisoryVDB Entry
http://www.sourcenext.com/support/i/160725_1Third Party AdvisoryVDB Entry
https://jvn.jp/en/jp/JVN49343562/index.htmlThird Party AdvisoryVDB Entry
http://corp.moneyforward.com/info/20160920-mf-android/Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/93034Third Party AdvisoryVDB Entry
http://www.sourcenext.com/support/i/160725_1Third Party AdvisoryVDB Entry
https://jvn.jp/en/jp/JVN49343562/index.htmlThird Party AdvisoryVDB Entry

FAQ

What is CVE-2016-4838?

CVE-2016-4838 is a vulnerability with a CVSS score of 7.8 (HIGH). The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0)...

How severe is CVE-2016-4838?

CVE-2016-4838 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4838?

Check the references section above for vendor advisories and patch information. Affected products include: Moneyforward Money Forward For Apppass, Moneyforward Money Forward For Au Smartpass, Moneyforward Money Forward For Chou Houdai, Moneyforward Money Forward For Sbi Sumishin Net Bank, Moneyforward Money Forward For Shiga Bank.