Japan Vulnerability NotesJVN:88745657JVN#88745657: Cybozu KUNAI for Android information management vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS
Percentile
60.8%
Cybozu KUNAI for Android is a mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android provides a function to output log information when synchronizing data with Cybozu, however the function is disabled by default.
Cybozu KUNAI for Android contains an issue where it outputs log information when its data is synchronized with Cybozu for the first time, even if the log output function is disabled.
Impact
If a user of Cybozu KUNAI for Android uses another malicious Android application, the log information managed by Cybozu KUNAI for Android may be disclosed.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- Cybozu KUNAI for Android 3.0.4 to 3.0.5.1
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS
Percentile
60.8%