All the vulnerabilites related to KDDI - +Message (PlusMessage)
jvndb-2022-000101
Vulnerability from jvndb
Published
2022-12-21 14:13
Modified
2022-12-21 14:13
Severity ?
Summary
+Message App improper handling of Unicode control characters
Details
+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications.
Therefore, a crafted text may display misleading web links (CWE-451).
Akaki Tsunoda reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN43561812/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-43543 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-43543 | |
| Related document | https://unicode.org/reports/tr36/ | |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000101.html",
"dc:date": "2022-12-21T14:13+09:00",
"dcterms:issued": "2022-12-21T14:13+09:00",
"dcterms:modified": "2022-12-21T14:13+09:00",
"description": "+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character\u0027s specifications.\r\nTherefore, a crafted text may display misleading web links (CWE-451).\r\n\r\nAkaki Tsunoda reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000101.html",
"sec:cpe": [
{
"#text": "cpe:/a:kddi:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "KDDI",
"@version": "2.2"
},
{
"#text": "cpe:/a:nttdocomo:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:softbank:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "SoftBank",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000101",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN43561812/index.html",
"@id": "JVN#43561812",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43543",
"@id": "CVE-2022-43543",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43543",
"@id": "CVE-2022-43543",
"@source": "NVD"
},
{
"#text": "https://unicode.org/reports/tr36/",
"@id": "Unicode Technical Report #36",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "+Message App improper handling of Unicode control characters"
}
jvndb-2018-000100
Vulnerability from jvndb
Published
2018-09-27 16:52
Modified
2019-08-27 17:22
Severity ?
Summary
+Message App fails to verify SSL server certificates
Details
+Message App fails to verify SSL server certificates.
ma.la of LINE Corporation reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000100.html",
"dc:date": "2019-08-27T17:22+09:00",
"dcterms:issued": "2018-09-27T16:52+09:00",
"dcterms:modified": "2019-08-27T17:22+09:00",
"description": "+Message App fails to verify SSL server certificates.\r\n\r\nma.la of LINE Corporation reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000100.html",
"sec:cpe": [
{
"#text": "cpe:/a:kddi:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "KDDI",
"@version": "2.2"
},
{
"#text": "cpe:/a:nttdocomo:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:softbank:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "SoftBank",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000100",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN37288228/",
"@id": "JVN#37288228",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0691",
"@id": "CVE-2018-0691",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0691",
"@id": "CVE-2018-0691",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "+Message App fails to verify SSL server certificates"
}