1.2.4

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

jreast

critical

NVD

Published: 2019-05-17

Updated: 2024-11-21

Summary

JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Jreast Jreast JR East Japan 1.0 Jreast JR East Japan 1.2.0 Jreast JR East Japan 1.2.4	3

References

http://jvn.jp/en/jp/JVN01119243/index.html
http://jvn.jp/en/jp/JVN01119243/index.html
https://www.jreast.co.jp/press/2018/20190310.pdf
https://www.jreast.co.jp/press/2018/20190310.pdf