CVE-2016-7812

low

Published 2017-08-02 · Modified 2026-05-13

CVSS v3

3.1

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v2

4.3

VIR risk

3.1

Description

The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ver5.2.2 and earlier allow a man-in-the-middle attacker to downgrade the communication between the app and the server from TLS v1.2 to SSL v3.0, which may result in the attacker to eavesdrop on an encrypted communication.

Predictions

Exploit likelihood

42%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
mufg	mitsubishi_ufj	`{"endIncluding":"5.2.2"}`
mufg	mitsubishi_ufj	`5.3.1`

References

http://www.securityfocus.com/bid/94829
https://jvn.jp/en/vu/JVNVU92900492/
http://www.securityfocus.com/bid/94829
https://jvn.jp/en/vu/JVNVU92900492/

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.