All the vulnerabilites related to Internet Initiative Japan Inc. - IIJ SmartKey
jvndb-2018-000047
Vulnerability from jvndb
Published
2018-05-11 14:34
Modified
2019-12-27 18:11
Severity
Summary
IIJ SmartKey App for Android vulnerable to authentication bypass
Details
IIJ SmartKey App for Android contains an authentication bypass vulnerability.
IIJ SmartKey App for Android provided by Internet Initiative Japan Inc. is an application that enables two-step authentication (two-factor authentication) for a website from an Android device. IIJ SmartKey App for Android contains an authentication bypass vulnerability (CWE-287).
Ryo Tateguchi of AndroPlus reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN27137002/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0584 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2018-0584 |
| Improper Authentication(CWE-287) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Internet Initiative Japan Inc. | IIJ SmartKey |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000047.html",
"dc:date": "2019-12-27T18:11+09:00",
"dcterms:issued": "2018-05-11T14:34+09:00",
"dcterms:modified": "2019-12-27T18:11+09:00",
"description": "IIJ SmartKey App for Android contains an authentication bypass vulnerability.\r\n\r\nIIJ SmartKey App for Android provided by Internet Initiative Japan Inc. is an application that enables two-step authentication (two-factor authentication) for a website from an Android device. IIJ SmartKey App for Android contains an authentication bypass vulnerability (CWE-287).\r\n\r\nRyo Tateguchi of AndroPlus reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000047.html",
"sec:cpe": {
"#text": "cpe:/a:iij:iij_smartkey",
"@product": "IIJ SmartKey",
"@vendor": "Internet Initiative Japan Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000047",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN27137002/index.html",
"@id": "JVN#27137002",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0584",
"@id": "CVE-2018-0584",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0584",
"@id": "CVE-2018-0584",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "IIJ SmartKey App for Android vulnerable to authentication bypass"
}
jvndb-2022-000080
Vulnerability from jvndb
Published
2022-10-14 13:57
Modified
2024-06-27 13:40
Severity
Summary
Android App "IIJ SmartKey" vulnerable to information disclosure
Details
Android App "IIJ SmartKey" provided by Internet Initiative Japan Inc. contains an information disclosure vulnerability (CWE-200).
Naoaki Iwakiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN74534998/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-41986 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-41986 |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Internet Initiative Japan Inc. | IIJ SmartKey |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000080.html",
"dc:date": "2024-06-27T13:40+09:00",
"dcterms:issued": "2022-10-14T13:57+09:00",
"dcterms:modified": "2024-06-27T13:40+09:00",
"description": "Android App \"IIJ SmartKey\" provided by Internet Initiative Japan Inc. contains an information disclosure vulnerability (CWE-200).\r\n\r\nNaoaki Iwakiri reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000080.html",
"sec:cpe": {
"#text": "cpe:/a:iij:iij_smartkey",
"@product": "IIJ SmartKey",
"@vendor": "Internet Initiative Japan Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000080",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN74534998/index.html",
"@id": "JVN#74534998",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-41986",
"@id": "CVE-2022-41986",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41986",
"@id": "CVE-2022-41986",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Android App \"IIJ SmartKey\" vulnerable to information disclosure"
}
cve-2022-41986
Vulnerability from cvelistv5
Published
2022-10-24 00:00
Modified
2024-08-03 12:56
Severity
Summary
Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.
References
Impacted products
| Vendor | Product |
|---|---|
| Internet Initiative Japan Inc. | IIJ SmartKey |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.ad.iij.smartkey2"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN74534998/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IIJ SmartKey",
"vendor": "Internet Initiative Japan Inc.",
"versions": [
{
"status": "affected",
"version": "versions prior to 2.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability in Android App \u0027IIJ SmartKey\u0027 versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-24T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://play.google.com/store/apps/details?id=jp.ad.iij.smartkey2"
},
{
"url": "https://jvn.jp/en/jp/JVN74534998/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-41986",
"datePublished": "2022-10-24T00:00:00",
"dateReserved": "2022-10-07T00:00:00",
"dateUpdated": "2024-08-03T12:56:39.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}