8 matches found
CVE-2019-5954
JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors...
CVE-2019-5954
JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors...
CVE-2019-5954
CVE-2019-5954 relates to the JR East Japan train operation information push notification App for Android (version 1.2.4 and earlier). The connected documents identify an access control error (CWE-284) in the API server that fails to restrict access permissions, enabling a remote attacker to obtai...
API server used by JR East Japan train operation information push notification App for Android fails to restrict access permissions
Overview JR East Japan train operation information push notification App for Android provided by East Japan Railway Company fails to restrict access permissions CWE-284. The application is no longer available/supported, and its service was ended in 2019 march 23. Tomoya Takahashi of TCU...
JVN#01119243: API server used by JR East Japan train operation information push notification App for Android fails to restrict access permissions
JR East Japan train operation information push notification App for Android provided by East Japan Railway Company fails to restrict access permissions CWE-284. The application is no longer available/supported, and its service was ended in 2019 march 23. Impact A remote attacker may obtain or alt...
CVE-2014-2001
The CVE-2014-2001 entry concerns the JR East Japan Android app (prior to version 1.2.0). The underlying issue is that the app does not verify X.509 certificates from SSL servers, enabling MITM attackers to obtain sensitive information via a crafted certificate. Impact is information disclosure of...
CVE-2014-2001
The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate...
JVN#10603428: JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates
JR East Japan App for Android. contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by...