Description
Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
References (2)
Core 2
Core References
Not Applicable x_refsource_misc
https://jvn.jp/en/jp/JVN77402327/index.html
Third Party Advisory
https://www.tenable.com/cve/CVE-2020-5627
Scores
CVSS v3
6.1
EPSS
0.0086
EPSS Percentile
53.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
yodobashi/yodobashi
< 1.8.7
Published
Sep 09, 2020
Tracked Since
Feb 18, 2026