CVE-2016-1185

Summary

CVE	CVE-2016-1185
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2016-04-25 18:59:00 UTC
Updated	2017-03-15 01:59:00 UTC
Description	The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Cybozu	Kintone	1.0.0	All	All	All
Application	Cybozu	Kintone	1.0.1	All	All	All
Application	Cybozu	Kintone	1.0.2	All	All	All
Application	Cybozu	Kintone	1.0.3	All	All	All
Application	Cybozu	Kintone	1.0.4	All	All	All
Application	Cybozu	Kintone	1.0.5	All	All	All
Application	Cybozu	Kintone	1.0.0	All	All	All
Application	Cybozu	Kintone	1.0.1	All	All	All
Application	Cybozu	Kintone	1.0.2	All	All	All
Application	Cybozu	Kintone	1.0.3	All	All	All
Application	Cybozu	Kintone	1.0.4	All	All	All
Application	Cybozu	Kintone	1.0.5	All	All	All

References

Reference	Source	Link	Tags
サイボウズ不具合情報公開サイト - [CyVDB-1045]認証情報に関する情報漏えいの脆弱性	CONFIRM	support.cybozu.com	Vendor Advisory
Cybozu Kintone App CVE-2016-1185 Unspecified Information Disclosure Vulnerability	BID	www.securityfocus.com
JVN#89026267: kintone mobile for Android information management vulnerability	JVN	jvn.jp	Vendor Advisory
JVNDB-2016-000055	JVNDB	jvndb.jvn.jp	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.