CVE-2016-4839

MEDIUM

Money Forward Android Apps - Exposure of Sensitive Information via WebView Implementation

Description

The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.

References (4)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.sourcenext.com/support/i/160725_1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93035
Third Party Advisory, VDB Entry x_refsource_confirm
http://corp.moneyforward.com/info/20160920-mf-android/
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
https://jvn.jp/en/jp/JVN61297210/index.html

Scores

CVSS v3 5.5
EPSS 0.0166
EPSS Percentile 73.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE CWE-200
Status published
Products (21)
Money Forward, Inc./Money Forward prior to v7.18.0
Money Forward, Inc./Money Forward for SBI Sumishin Net Bank prior to v1.6.0
Money Forward, Inc./Money Forward for SHIGA BANK prior to v1.2.0
Money Forward, Inc./Money Forward for SHIZUOKA BANK prior to v1.4.0
Money Forward, Inc./Money Forward for The Gunma Bank prior to v1.2.0
Money Forward, Inc./Money Forward for THE TOHO BANK prior to v1.3.0
Money Forward, Inc./Money Forward for Tokai Tokyo Securities prior to v1.4.0
Money Forward, Inc./Money Forward for YMFG prior to v1.5.0
moneyforward/money_forward_for_apppass < 7.18.3
moneyforward/money_forward_for_au_smartpass < 7.18.0
... and 11 more
Published May 12, 2017
Tracked Since Feb 18, 2026