Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

1 vulnerability found for DMMFX Trade by DMM.com Securities Co.,Ltd.

JVNDB-2016-000092

Vulnerability from jvndb - Published: 2016-05-30 14:21 - Updated:2017-05-23 14:28

Severity ?

4.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

DMM.com Securities FX Apps for Android fail to verify SSL server certificates

Details

Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN40898764/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4818
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4818
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	DMM.com Securities Co.,Ltd.	DMMFX DEMO Trade
	DMM.com Securities Co.,Ltd.	DMMFX Trade
	DMM.com Securities Co.,Ltd.	GAITAMEJAPAN FX Trade

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000092.html",
  "dc:date": "2017-05-23T14:28+09:00",
  "dcterms:issued": "2016-05-30T14:21+09:00",
  "dcterms:modified": "2017-05-23T14:28+09:00",
  "description": "Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates.\r\n\r\nGaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000092.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:dmm:dmmfx_demo_trade",
      "@product": "DMMFX DEMO Trade",
      "@vendor": "DMM.com Securities Co.,Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:dmm:dmmfx_trade",
      "@product": "DMMFX Trade",
      "@vendor": "DMM.com Securities Co.,Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:dmm:gaitamejapan_fx_trade",
      "@product": "GAITAMEJAPAN FX Trade",
      "@vendor": "DMM.com Securities Co.,Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000092",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN40898764/index.html",
      "@id": "JVN#40898764",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4818",
      "@id": "CVE-2016-4818",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4818",
      "@id": "CVE-2016-4818",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "DMM.com Securities FX Apps for Android fail to verify SSL server certificates"
}