Lucene search

Japan Vulnerability NotesJVN:23009798

HistoryAug 31, 2012 - 12:00 a.m.

JVN#23009798: Cybozu Live for Android vulnerable to arbitrary Java method execution

2012-08-3100:00:00

Japan Vulnerability Notes

jvn.jp

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

73.7%

JSON

Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability.

Impact

When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android devices may be obtained and arbitrary OS commands may be executed.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Products Affected

Cybozu Live for Android version 1.0.4 and earlier

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.004

Percentile

73.7%

JSON

Related for JVN:23009798