JVNDB-2016-000160

Money Forward Apps for Android vulnerable in the WebView class

Money Forward Apps for Android contain a vulnerability in the WebView class.

Kenta Suefusa, Akinori Konishi and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

SOURCENEXT CORPORATION

• Money Forward for AppPass (prior to v7.18.3)
• Money Forward for Chou Houdai (prior to v7.18.3)
• Money Forward for au SMARTPASS (prior to v7.18.0)

Money Forward, Inc.

• Money Forward (prior to v7.18.0) (Android App)
• Money Forward for SBI Sumishin Net Bank (prior to v1.6.0) (Android App)
• Money Forward for SHIGA BANK (prior to v1.2.0) (Android App)
• Money Forward for SHIZUOKA BANK (prior to v1.4.0) (Android App)
• Money Forward for THE TOHO BANK (prior to v1.3.0) (Android App)
• Money Forward for The Gunma Bank (prior to v1.2.0) (Android App)
• Money Forward for Tokai Tokyo Securities (prior to v1.4.0) (Android App)
• Money Forward for YMFG (prior to v1.5.0) (Android App)

If a user of the affected product uses another malicious Android application, information managed by the affected product may be disclosed.

[Update the application]
Update to the latest version according to the information provided by the developer.

SOURCENEXT CORPORATION

• SOURCENEXT CORPORATION : Vulnerabilities in Money Forward Apps for Android Fixed (in Japanese)

Money Forward, Inc.

• Money Forward : Money Forward, Inc. website (in Japanese)

1. No Mapping(CWE-Other) [IPA Evaluation]

1. CVE-2016-4839

1. JVN : JVN#61297210
2. National Vulnerability Database (NVD) : CVE-2016-4839

• [2016/09/20]
    Web page was published
  [2017/11/27]
    References : Content was added