[Japanese]

JVNDB-2023-000011

SUSHIRO App for Android outputs sensitive information to the log file

Overview

SUSHIRO App for Android provided by AKINDO SUSHIRO CO., LTD. outputs sensitive information to the log file (CWE-532).
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.2 (Medium) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.9 (Medium) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


AKINDO SUSHIRO CO., LTD.
  • Singapore SUSHIRO Ver.2.0.0
  • Thailand SUSHIRO Ver.1.0.0
  • SUSHIRO Ver.4.0.31
  • Hong Kong SUSHIRO Ver.3.0.2
  • Taiwan SUSHIRO Ver.2.0.1

Impact

An attacker may obtain a credential information from the log file.
Solution

[Update the Application]
Update the application to the latest version according to the information provided by the developer.
The developer has released the following versions to fix the vulnerability.
  • SUSHIRO Ver.4.0.32
  • Thailand SUSHIRO Ver.2.0.3
  • Hong Kong SUSHIRO Ver.3.0.3
  • Singapore SUSHIRO Ver.2.0.3
  • Taiwan SUSHIRO Ver.2.0.3
Vendor Information

AKINDO SUSHIRO CO., LTD.
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2023-22362
References

  1. JVN : JVN#84642320
  2. National Vulnerability Database (NVD) : CVE-2023-22362
Revision History

  • [2023/01/31]
      Web page was published
  • [2024/06/11]
      References : Content was added