PT-2015-4931 · Ogaki Kyoritsu Bank · Ogaki Kyoritsu Bank Smartphone Passbook

Hiroshi Kumagai

Publicado

2015-02-15

Atualizado

2015-02-20

CVE-2015-0875

CVSS v2.0

1.8

Baixa

Vetor

AV:A/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ogaki Kyoritsu Bank Smartphone Passbook application version 1.0.0

Description The issue allows attackers to obtain sensitive information by reading a log file that contains input data from the user. This is because the application creates a log file with user input, which can be accessed by attackers.

Recommendations For Ogaki Kyoritsu Bank Smartphone Passbook application version 1.0.0, consider restricting access to the log file to minimize the risk of sensitive information disclosure until a patch is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2015-0875

Produtos afetados

Ogaki Kyoritsu Bank Smartphone Passbook

PT-2015-4931 · Ogaki Kyoritsu Bank · Ogaki Kyoritsu Bank Smartphone Passbook

CVE-2015-0875

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4