PT-2015-4931 · Ogaki Kyoritsu Bank · Ogaki Kyoritsu Bank Smartphone Passbook

Hiroshi Kumagai

Published

2015-02-15

Updated

2015-02-20

CVE-2015-0875

CVSS v2.0

1.8

Low

Vector

AV:A/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ogaki Kyoritsu Bank Smartphone Passbook application version 1.0.0

Description The issue allows attackers to obtain sensitive information by reading a log file that contains input data from the user. This is because the application creates a log file with user input, which can be accessed by attackers.

Recommendations For Ogaki Kyoritsu Bank Smartphone Passbook application version 1.0.0, consider restricting access to the log file to minimize the risk of sensitive information disclosure until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-0875

Affected Products

Ogaki Kyoritsu Bank Smartphone Passbook

PT-2015-4931 · Ogaki Kyoritsu Bank · Ogaki Kyoritsu Bank Smartphone Passbook

CVE-2015-0875

Weakness Enumeration

Related Identifiers

Affected Products

References · 4