Kenta Suefusa

**Name of the Vulnerable Software and Affected Versions** LINE@ for Android version 1.0.0 LINE@ for iOS version 1.0.0 **Description** The issue allows for a man-in-the-middle (MITM) attack due to the application's acceptance of non-SSL/TLS communications. This enables an attacker to invoke any API from a script injected during the attack. **Recommendations** For LINE@ for Android version 1.0.0, consider disabling non-SSL/TLS communications to minimize the risk of exploitation. For LINE@ for iOS version 1.0.0, consider disabling non-SSL/TLS communications to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LINE for Android versions 5.0.2 and earlier LINE for iOS versions 5.0.0 and earlier **Description** The issue allows for a man-in-the-middle (MITM) attack because the application permits non-SSL/TLS communications. This enables an attacker to invoke any API from a script injected during the attack. **Recommendations** For LINE for Android versions 5.0.2 and earlier, update to a version that enforces SSL/TLS communications to prevent MITM attacks. For LINE for iOS versions 5.0.0 and earlier, update to a version that enforces SSL/TLS communications to prevent MITM attacks.

**Name of the Vulnerable Software and Affected Versions** Money Forward versions prior to 7.18.0 Money Forward for The Gunma Bank versions prior to 1.2.0 Money Forward for SHIGA BANK versions prior to 1.2.0 Money Forward for SHIZUOKA BANK versions prior to 1.4.0 Money Forward for SBI Sumishin Net Bank versions prior to 1.6.0 Money Forward for Tokai Tokyo Securities versions prior to 1.4.0 Money Forward for THE TOHO BANK versions prior to 1.3.0 Money Forward for YMFG versions prior to 1.5.0 Money Forward for AppPass versions prior to 7.18.3 Money Forward for au SMARTPASS versions prior to 7.18.0 Money Forward for Chou Houdai versions prior to 7.18.3 **Description** The Android apps do not properly implement the WebView class, allowing an attacker to disclose information stored on the device via a specially crafted application. **Recommendations** For Money Forward versions prior to 7.18.0, update to version 7.18.0 or later. For Money Forward for The Gunma Bank versions prior to 1.2.0, update to version 1.2.0 or later. For Money Forward for SHIGA BANK versions prior to 1.2.0, update to version 1.2.0 or later. For Money Forward for SHIZUOKA BANK versions prior to 1.4.0, update to version 1.4.0 or later. For Money Forward for SBI Sumishin Net Bank versions prior to 1.6.0, update to version 1.6.0 or later. For Money Forward for Tokai Tokyo Securities versions prior to 1.4.0, update to version 1.4.0 or later. For Money Forward for THE TOHO BANK versions prior to 1.3.0, update to version 1.3.0 or later. For Money Forward for YMFG versions prior to 1.5.0, update to version 1.5.0 or later. For Money Forward for AppPass versions prior to 7.18.3, update to version 7.18.3 or later. For Money Forward for au SMARTPASS versions prior to 7.18.0, update to version 7.18.0 or later. For Money Forward for Chou Houdai versions prior to 7.18.3, update to version 7.18.3 or later.

**Name of the Vulnerable Software and Affected Versions** Money Forward versions prior to 7.18.0 Money Forward for The Gunma Bank versions prior to 1.2.0 Money Forward for SHIGA BANK versions prior to 1.2.0 Money Forward for SHIZUOKA BANK versions prior to 1.4.0 Money Forward for SBI Sumishin Net Bank versions prior to 1.6.0 Money Forward for Tokai Tokyo Securities versions prior to 1.4.0 Money Forward for THE TOHO BANK versions prior to 1.3.0 Money Forward for YMFG versions prior to 1.5.0 Money Forward for AppPass versions prior to 7.18.3 Money Forward for au SMARTPASS versions prior to 7.18.0 Money Forward for Chou Houdai versions prior to 7.18.3 **Description** The issue allows an attacker to execute unintended operations via a specially crafted application. **Recommendations** For Money Forward versions prior to 7.18.0, update to version 7.18.0 or later. For Money Forward for The Gunma Bank versions prior to 1.2.0, update to version 1.2.0 or later. For Money Forward for SHIGA BANK versions prior to 1.2.0, update to version 1.2.0 or later. For Money Forward for SHIZUOKA BANK versions prior to 1.4.0, update to version 1.4.0 or later. For Money Forward for SBI Sumishin Net Bank versions prior to 1.6.0, update to version 1.6.0 or later. For Money Forward for Tokai Tokyo Securities versions prior to 1.4.0, update to version 1.4.0 or later. For Money Forward for THE TOHO BANK versions prior to 1.3.0, update to version 1.3.0 or later. For Money Forward for YMFG versions prior to 1.5.0, update to version 1.5.0 or later. For Money Forward for AppPass versions prior to 7.18.3, update to version 7.18.3 or later. For Money Forward for au SMARTPASS versions prior to 7.18.0, update to version 7.18.0 or later. For Money Forward for Chou Houdai versions prior to 7.18.3, update to version 7.18.3 or later.

**Name of the Vulnerable Software and Affected Versions** Akerun - Smart Lock Robot App for iOS versions prior to 1.2.4 **Description** The issue concerns the failure to verify SSL certificates, which could lead to security risks. **Recommendations** For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NTT Broadband Platform Japan Connected-free Wi-Fi application versions 1.15.1 and earlier for Android NTT Broadband Platform Japan Connected-free Wi-Fi application versions 1.13.0 and earlier for iOS **Description** The issue allows man-in-the-middle attackers to obtain API access via unspecified vectors. **Recommendations** For Android versions 1.15.1 and earlier, update to a version later than 1.15.1 to resolve the issue. For iOS versions 1.13.0 and earlier, update to a version later than 1.13.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Newphoria applican framework versions prior to 1.13.0 **Description** A cross-site scripting (XSS) issue exists in the runtime engine, allowing remote attackers to inject arbitrary web script or HTML via a crafted SSID encountered by an applican application. **Recommendations** For versions prior to 1.13.0, update to version 1.13.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Newphoria applican framework versions prior to 1.13.0 **Description** A cross-site scripting (XSS) issue exists in the runtime engine of the Newphoria applican framework, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. This is achieved by triggering WebView anchor attachment in an applican application. **Recommendations** For versions prior to 1.13.0, update to version 1.13.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted URLs in applican applications to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Newphoria Photon versions prior to 1.2 **Description** The issue allows attackers to bypass a URL whitelist protection mechanism and obtain API access. **Recommendations** For versions prior to 1.2, update to version 1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Newphoria Auction Camera versions prior to 1.2 for Android Newphoria Auction Camera for iOS **Description** The issue allows attackers to bypass a URL whitelist protection mechanism and obtain API access. **Recommendations** For Newphoria Auction Camera versions prior to 1.2 for Android, update to version 1.2 or later. For Newphoria Auction Camera for iOS, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Newphoria application framework versions prior to 1.12.3 for Android Newphoria application framework versions prior to 1.12.2 for iOS **Description** The issue allows attackers to bypass the whitelist.xml URL whitelist protection mechanism, obtaining API access. **Recommendations** For Newphoria application framework versions prior to 1.12.3 for Android, update to version 1.12.3 or later. For Newphoria application framework versions prior to 1.12.2 for iOS, update to version 1.12.2 or later.

**Name of the Vulnerable Software and Affected Versions** Newphoria Reversi versions prior to 1.0.3 for Android Newphoria Reversi versions prior to 1.2 for iOS **Description** The issue allows attackers to bypass a URL whitelist protection mechanism and obtain API access. **Recommendations** For Android versions prior to 1.0.3, update to version 1.0.3 or later. For iOS versions prior to 1.2, update to version 1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Newphoria Koritore versions prior to 1.1 **Description** The issue allows attackers to bypass a URL whitelist protection mechanism and obtain API access. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Newphoria MEGAPHONE MUSIC versions prior to 1.1 **Description** The issue allows attackers to bypass a URL whitelist protection mechanism and obtain API access. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NTT Broadband Platform Japan Connected-free Wi-Fi application versions 1.6.0 and earlier for Android NTT Broadband Platform Japan Connected-free Wi-Fi application versions 1.0.2 and earlier for iOS **Description** The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This is achieved via a crafted SSID. **Recommendations** For Android versions 1.6.0 and earlier, update to a version later than 1.6.0 to resolve the issue. For iOS versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NTT Broadband Platform Japan Connected-free Wi-Fi application versions 1.6.0 and earlier for Android NTT Broadband Platform Japan Connected-free Wi-Fi application versions 1.0.2 and earlier for iOS **Description** The issue allows attackers to bypass a URL whitelist protection mechanism and obtain API access. **Recommendations** For Android versions 1.6.0 and earlier, update to a version later than 1.6.0 to resolve the issue. For iOS versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue.