CVE-2016-4838

Name: CVE-2016-4838
Creator: NVD / NIST
Published: 2017-05-12T18:29:00.187+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 1.37%

Last modified Jun 17, 2026

CVE-2016-4838 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application.. EPSS estimates a 1.37% chance of exploitation in the next 30 days.

Description

The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

1.37%

68.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Moneyforward	Money Forward For Apppass	< 7.18.3
Moneyforward	Money Forward For Au Smartpass	< 7.18.0
Moneyforward	Money Forward For Chou Houdai	< 7.18.3
Moneyforward	Money Forward For Sbi Sumishin Net Bank	< 1.6.0
Moneyforward	Money Forward For Shiga Bank	< 1.2.0
Moneyforward	Money Forward For Shizuoka Bank	< 1.4.0
Moneyforward	Money Forward For The Gunma Bank	< 1.2.0
Moneyforward	Money Forward For The Toho Bank	< 1.3.0
Moneyforward	Money Forward For Tokai Tokyo Securities	< 1.4.0
Moneyforward	Money Forward For Ymfg	< 1.5.0

References

http://corp.moneyforward.com/info/20160920-mf-android/Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/93034Third Party Advisory, VDB Entry
http://www.sourcenext.com/support/i/160725_1Third Party Advisory, VDB Entry
https://jvn.jp/en/jp/JVN49343562/index.htmlThird Party Advisory, VDB Entry
http://corp.moneyforward.com/info/20160920-mf-android/Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/93034Third Party Advisory, VDB Entry
http://www.sourcenext.com/support/i/160725_1Third Party Advisory, VDB Entry
https://jvn.jp/en/jp/JVN49343562/index.htmlThird Party Advisory, VDB Entry

Timeline

Published: May 12, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-4838?

How severe is CVE-2016-4838?

CVE-2016-4838 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 1.37% probability of exploitation in the next 30 days.

How do I fix CVE-2016-4838?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-4838?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST