Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by Siber Systems Inc.

    JVNDB-2026-016626

    Vulnerability from jvndb - Published: 2026-05-21 17:22 - Updated:2026-05-21 17:22
    Severity
    3.3 (Low) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
    Summary
    Android App "RoboForm Password Manager" insufficient validation of Android intents
    Details
    Android App "RoboForm Password Manager" provided by Siber Systems, Inc. accepts intents from other applications to open relevant web pages (e.g., login pages), but without sufficient URL validation, user confirmation nor notification.
    • Insufficient UI Warning of Dangerous Operations (CWE-357) - CVE-2026-47782
    • The CVSS vectors above assume that a victim user is directed to install some malicious app, and the app sends an intent to make RoboForm to download some files silently
    Johan Francsics reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    References
    Impacted products
    Show details on JVN DB website
    To clipboard 

    {
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-016626.html",
  "dc:date": "2026-05-21T17:22+09:00",
  "dcterms:issued": "2026-05-21T17:22+09:00",
  "dcterms:modified": "2026-05-21T17:22+09:00",
  "description": "Android App \"RoboForm Password Manager\" provided by Siber Systems, Inc. accepts intents from other applications to open relevant web pages (e.g., login pages), but without sufficient URL validation, user confirmation nor notification.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/357.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eInsufficient UI Warning of Dangerous Operations (CWE-357) - CVE-2026-47782\u003c/li\u003e\u003cli\u003eThe CVSS vectors above assume that a victim user is directed to install some malicious app, and the app sends an intent to make RoboForm to download some files silently\u003c/li\u003e\u003c/ul\u003eJohan Francsics reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-016626.html",
  "sec:cpe": {
    "#text": "cpe:/a:misc:siber_systems_roboform_password",
    "@product": "RoboForm Password Manager",
    "@vendor": "Siber Systems Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "3.3",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2026-016626",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93461473/index.html",
      "@id": "JVNVU#93461473",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2026-47782",
      "@id": "CVE-2026-47782",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/357.html",
      "@id": "CWE-357",
      "@title": "Insufficient UI Warning of Dangerous Operations(CWE-357)"
    }
  ],
  "title": "Android App \"RoboForm Password Manager\" insufficient validation of Android intents"
}

    JVNDB-2025-001605

    Vulnerability from jvndb - Published: 2025-02-20 20:15 - Updated:2025-02-20 20:15
    Severity
    5.2 (Medium) - cvssV3_0 - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
    Summary
    "RoboForm Password Manager" App for Android vulnerable to authentication bypass using an alternate path or channel
    Details
    "RoboForm Password Manager" App for Android provided by Siber Systems, Inc. is vulnerable to authentication bypass using an alternate path or channel (CWE-288). Johan Francsics reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    References
    Impacted products
    Show details on JVN DB website
    To clipboard 

    {
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001605.html",
  "dc:date": "2025-02-20T20:15+09:00",
  "dcterms:issued": "2025-02-20T20:15+09:00",
  "dcterms:modified": "2025-02-20T20:15+09:00",
  "description": "\"RoboForm Password Manager\" App for Android provided by Siber Systems, Inc. is vulnerable to authentication bypass using an alternate path or channel (CWE-288).\r\n\r\nJohan Francsics reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001605.html",
  "sec:cpe": {
    "#text": "cpe:/a:misc:siber_systems_roboform_password",
    "@product": "RoboForm Password Manager",
    "@vendor": "Siber Systems Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.2",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-001605",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92071645/",
      "@id": "JVNVU#92071645",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-26700",
      "@id": "CVE-2025-26700",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/288.html",
      "@id": "CWE-288",
      "@title": "Authentication Bypass Using an Alternate Path or Channel(CWE-288)"
    }
  ],
  "title": "\"RoboForm Password Manager\" App for Android vulnerable to authentication bypass using an alternate path or channel"
}