exploitDog

CVE-2019-5954

Опубликовано: 17 мая 2019

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors.

Ссылки

http://jvn.jp/en/jp/JVN01119243/index.html
Third Party Advisory
https://www.jreast.co.jp/press/2018/20190310.pdf
Vendor Advisory
http://jvn.jp/en/jp/JVN01119243/index.html
Third Party Advisory
https://www.jreast.co.jp/press/2018/20190310.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jreast:jr_east_japan:*:*:*:*:*:android:*:*

Версия до 1.2.4 (включая)

EPSS

Процентиль: 45%

0.00223

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-26xg-p8p3-27cv

github

около 3 лет назад

JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors.

EPSS

Процентиль: 45%

0.00223

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo