Search criteria

2 vulnerabilities found for +Message (PlusMessage) by NTT DOCOMO, INC.

JVNDB-2022-000101

Vulnerability from jvndb - Published: 2022-12-21 14:13 - Updated:2022-12-21 14:13
Severity ?
4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
+Message App improper handling of Unicode control characters
Details
+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links (CWE-451). Akaki Tsunoda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000101.html",
  "dc:date": "2022-12-21T14:13+09:00",
  "dcterms:issued": "2022-12-21T14:13+09:00",
  "dcterms:modified": "2022-12-21T14:13+09:00",
  "description": "+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character\u0027s specifications.\r\nTherefore, a crafted text may display misleading web links (CWE-451).\r\n\r\nAkaki Tsunoda reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000101.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:kddi:%2b_message",
      "@product": "+Message (PlusMessage)",
      "@vendor": "KDDI",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nttdocomo:%2b_message",
      "@product": "+Message (PlusMessage)",
      "@vendor": "NTT DOCOMO, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:softbank:%2b_message",
      "@product": "+Message (PlusMessage)",
      "@vendor": "SoftBank",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000101",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN43561812/index.html",
      "@id": "JVN#43561812",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43543",
      "@id": "CVE-2022-43543",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43543",
      "@id": "CVE-2022-43543",
      "@source": "NVD"
    },
    {
      "#text": "https://unicode.org/reports/tr36/",
      "@id": "Unicode Technical Report #36",
      "@source": "Related document"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "+Message App improper handling of Unicode control characters"
}

JVNDB-2018-000100

Vulnerability from jvndb - Published: 2018-09-27 16:52 - Updated:2019-08-27 17:22
Severity ?
4.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
+Message App fails to verify SSL server certificates
Details
+Message App fails to verify SSL server certificates. ma.la of LINE Corporation reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000100.html",
  "dc:date": "2019-08-27T17:22+09:00",
  "dcterms:issued": "2018-09-27T16:52+09:00",
  "dcterms:modified": "2019-08-27T17:22+09:00",
  "description": "+Message App fails to verify SSL server certificates.\r\n\r\nma.la of LINE Corporation reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000100.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:kddi:%2b_message",
      "@product": "+Message (PlusMessage)",
      "@vendor": "KDDI",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nttdocomo:%2b_message",
      "@product": "+Message (PlusMessage)",
      "@vendor": "NTT DOCOMO, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:softbank:%2b_message",
      "@product": "+Message (PlusMessage)",
      "@vendor": "SoftBank",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000100",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN37288228/",
      "@id": "JVN#37288228",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0691",
      "@id": "CVE-2018-0691",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0691",
      "@id": "CVE-2018-0691",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "+Message App fails to verify SSL server certificates"
}