CVE-2019-5954

critical

Description

JR East Japan train operation information push notification App for Android version 1.2.4 and earlier allows remote attackers to bypass access restriction to obtain or alter the user's registered information via unspecified vectors.

References

https://www.jreast.co.jp/press/2018/20190310.pdf

http://jvn.jp/en/jp/JVN01119243/index.html

Details

Source: Mitre, NVD

Published: 2019-05-17

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00223

Detections

Analytics