Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    3 vulnerabilities by Jimoty, Inc.

    CVE-2022-0131 (GCVE-0-2022-0131)

    Vulnerability from nvd – Published: 2022-01-17 09:10 – Updated: 2024-08-02 23:18
    VLAI
    Summary
    Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jimoty, Inc. Jimoty App for Android Affected: versions prior to 3.7.42
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.732Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN49047921/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jimoty App for Android",
              "vendor": "Jimoty, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 3.7.42"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T09:10:24.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN49047921/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-0131",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jimoty App for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 3.7.42"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jimoty, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN49047921/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN49047921/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-0131",
        "datePublished": "2022-01-17T09:10:24.000Z",
        "dateReserved": "2022-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:41.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0131 (GCVE-0-2022-0131)

    Vulnerability from cvelistv5 – Published: 2022-01-17 09:10 – Updated: 2024-08-02 23:18
    VLAI
    Summary
    Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
    Severity
    No CVSS data available.
    CWE
    • Use of Hard-coded credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jimoty, Inc. Jimoty App for Android Affected: versions prior to 3.7.42
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.732Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN49047921/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jimoty App for Android",
              "vendor": "Jimoty, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 3.7.42"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T09:10:24.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN49047921/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-0131",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jimoty App for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 3.7.42"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jimoty, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN49047921/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN49047921/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-0131",
        "datePublished": "2022-01-17T09:10:24.000Z",
        "dateReserved": "2022-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:41.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2022-000003

    Vulnerability from jvndb - Published: 2022-01-12 15:37 - Updated:2022-01-12 15:37
    Severity
    Summary
    Jimoty App for Android uses a hard-coded API key for an external service
    Details
    Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service (CWE-798). Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000003.html",
      "dc:date": "2022-01-12T15:37+09:00",
      "dcterms:issued": "2022-01-12T15:37+09:00",
      "dcterms:modified": "2022-01-12T15:37+09:00",
      "description": "Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service (CWE-798).\r\n\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000003.html",
      "sec:cpe": {
        "#text": "cpe:/a:jmty:jimoty",
        "@product": "Jimoty",
        "@vendor": "Jimoty, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.1",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000003",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN49047921/index.html",
          "@id": "JVN#49047921",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-0131",
          "@id": "CVE-2022-0131",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-0131",
          "@id": "CVE-2022-0131",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Jimoty App for Android uses a hard-coded API key for an external service"
    }