{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28745", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-03-08T05:28:56.611Z", "datePublished": "2024-03-18T03:18:21.948Z", "dateUpdated": "2024-11-19T19:39:30.469Z"}, "containers": {"cna": {"affected": [{"vendor": "AbemaTV, Inc.", "product": "'ABEMA' App for Android", "versions": [{"version": "prior to 10.65.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack."}], "problemTypes": [{"descriptions": [{"description": "Improper Export of Android Application Components", "lang": "en", "type": "text"}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN70640802/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-03-18T03:18:21.948Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-18T15:40:51.017658Z", "id": "CVE-2024-28745", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-19T19:39:30.469Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.159Z"}, "title": "CVE Program Container", "references": [{"url": "https://jvn.jp/en/jp/JVN70640802/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://jvn.jp/en/jp/JVN70640802/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:58.159Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-28745", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-18T15:40:51.017658Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:18.378Z"}}], "cna": {"affected": [{"vendor": "AbemaTV, Inc.", "product": "'ABEMA' App for Android", "versions": [{"status": "affected", "version": "prior to 10.65.0"}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN70640802/"}], "descriptions": [{"lang": "en", "value": "Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Improper Export of Android Application Components"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-03-18T03:18:21.948Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28745", "state": "PUBLISHED", "dateUpdated": "2024-11-19T19:39:30.469Z", "dateReserved": "2024-03-08T05:28:56.611Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-03-18T03:18:21.948Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack."}, {"lang": "es", "value": "Existe un problema de exportaci\u00f3n incorrecta de los componentes de la aplicaci\u00f3n de Android en la aplicaci\u00f3n 'ABEMA' para Android anterior a 10.65.0, lo que permite que otra aplicaci\u00f3n instalada en el dispositivo del usuario acceda a una URL arbitraria en la aplicaci\u00f3n 'ABEMA' para Android a trav\u00e9s de Intent. Si se explota esta vulnerabilidad, es posible que se muestre un sitio web arbitrario en la aplicaci\u00f3n y, como resultado, el usuario puede convertirse en v\u00edctima de un ataque de phishing."}], "id": "CVE-2024-28745", "lastModified": "2024-11-21T09:06:52.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-18T04:15:09.987", "references": [{"source": "[email protected]", "url": "https://jvn.jp/en/jp/JVN70640802/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/en/jp/JVN70640802/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}