CVE-2016-4839

Name of the Vulnerable Software and Affected Versions Money Forward versions prior to 7.18.0 Money Forward for The Gunma Bank versions prior to 1.2.0 Money Forward for SHIGA BANK versions prior to 1.2.0 Money Forward for SHIZUOKA BANK versions prior to 1.4.0 Money Forward for SBI Sumishin Net Bank versions prior to 1.6.0 Money Forward for Tokai Tokyo Securities versions prior to 1.4.0 Money Forward for THE TOHO BANK versions prior to 1.3.0 Money Forward for YMFG versions prior to 1.5.0 Money Forward for AppPass versions prior to 7.18.3 Money Forward for au SMARTPASS versions prior to 7.18.0 Money Forward for Chou Houdai versions prior to 7.18.3

Description The Android apps do not properly implement the WebView class, allowing an attacker to disclose information stored on the device via a specially crafted application.

Recommendations For Money Forward versions prior to 7.18.0, update to version 7.18.0 or later. For Money Forward for The Gunma Bank versions prior to 1.2.0, update to version 1.2.0 or later. For Money Forward for SHIGA BANK versions prior to 1.2.0, update to version 1.2.0 or later. For Money Forward for SHIZUOKA BANK versions prior to 1.4.0, update to version 1.4.0 or later. For Money Forward for SBI Sumishin Net Bank versions prior to 1.6.0, update to version 1.6.0 or later. For Money Forward for Tokai Tokyo Securities versions prior to 1.4.0, update to version 1.4.0 or later. For Money Forward for THE TOHO BANK versions prior to 1.3.0, update to version 1.3.0 or later. For Money Forward for YMFG versions prior to 1.5.0, update to version 1.5.0 or later. For Money Forward for AppPass versions prior to 7.18.3, update to version 7.18.3 or later. For Money Forward for au SMARTPASS versions prior to 7.18.0, update to version 7.18.0 or later. For Money Forward for Chou Houdai versions prior to 7.18.3, update to version 7.18.3 or later.