Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to NTT DATA - MyPallete

jvndb-2020-000007

Vulnerability from jvndb

Published

2020-01-28 15:59

Modified

2020-01-28 15:59

Severity ?

4.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Android App "MyPallete" vulnerable to improper server certificate verification

Details

Android App "MyPallete" developed by NTT Data Corporation is used by several financial institutions as Android applications for their customers. "MyPallete" is vulnerable to improper server certificate verification (CWE-295) and to improper host-matching validation (CWE-297). Dai Nakamura of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN28845872/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5523
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5523
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	(Multiple Venders)	(Multiple Products)
	NTT DATA	MyPallete

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000007.html",
  "dc:date": "2020-01-28T15:59+09:00",
  "dcterms:issued": "2020-01-28T15:59+09:00",
  "dcterms:modified": "2020-01-28T15:59+09:00",
  "description": "Android App \"MyPallete\" developed by NTT Data Corporation is used by several financial institutions as Android applications for their customers.\r\n\"MyPallete\" is vulnerable to improper server certificate verification (CWE-295) and to improper host-matching validation (CWE-297).\r\n\r\nDai Nakamura of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000007.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:misc:multiple_vendors",
      "@product": "(Multiple Products)",
      "@vendor": "(Multiple Venders)",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nttdata:mypallete",
      "@product": "MyPallete",
      "@vendor": "NTT DATA",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000007",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN28845872/index.html",
      "@id": "JVN#28845872",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5523",
      "@id": "CVE-2020-5523",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5523",
      "@id": "CVE-2020-5523",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Android App \"MyPallete\" vulnerable to improper server certificate verification"
}