Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by Rakuten, Inc.
CVE-2019-6024 (GCVE-0-2019-6024)
Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:16
VLAI
EPSS
VEX
Summary
Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=jp.… | x_refsource_MISC |
| https://apps.apple.com/jp/app/furimaapuri-furiru-… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN41566067/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rakuten, Inc. | Rakuma App |
Affected:
for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.co.fablic.fril\u0026hl=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN41566067/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rakuma App",
"vendor": "Rakuten, Inc.",
"versions": [
{
"status": "affected",
"version": "for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user\u0027s authentication information via a malicious application created by the third party."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=jp.co.fablic.fril\u0026hl=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN41566067/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rakuma App",
"version": {
"version_data": [
{
"version_value": "for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Rakuten, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user\u0027s authentication information via a malicious application created by the third party."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=jp.co.fablic.fril\u0026hl=en",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=jp.co.fablic.fril\u0026hl=en"
},
{
"name": "https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998",
"refsource": "MISC",
"url": "https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998"
},
{
"name": "http://jvn.jp/en/jp/JVN41566067/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN41566067/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6024",
"datePublished": "2019-12-26T15:16:50.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:16:23.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6024 (GCVE-0-2019-6024)
Vulnerability from nvd – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:16
VLAI
EPSS
VEX
Summary
Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=jp.… | x_refsource_MISC |
| https://apps.apple.com/jp/app/furimaapuri-furiru-… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN41566067/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rakuten, Inc. | Rakuma App |
Affected:
for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=jp.co.fablic.fril\u0026hl=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN41566067/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rakuma App",
"vendor": "Rakuten, Inc.",
"versions": [
{
"status": "affected",
"version": "for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user\u0027s authentication information via a malicious application created by the third party."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=jp.co.fablic.fril\u0026hl=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN41566067/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rakuma App",
"version": {
"version_data": [
{
"version_value": "for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Rakuten, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user\u0027s authentication information via a malicious application created by the third party."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=jp.co.fablic.fril\u0026hl=en",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=jp.co.fablic.fril\u0026hl=en"
},
{
"name": "https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998",
"refsource": "MISC",
"url": "https://apps.apple.com/jp/app/furimaapuri-furiru-fril-fasshon/id523497998"
},
{
"name": "http://jvn.jp/en/jp/JVN41566067/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN41566067/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6024",
"datePublished": "2019-12-26T15:16:50.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:16:23.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2019-000068
Vulnerability from jvndb - Published: 2019-11-07 14:50 - Updated:2019-11-07 14:50
Severity
Summary
Rakuma App vulnerable to authentication information disclosure
Details
Rakuma App provided by Rakuten, Inc. contains an authentication information disclosure vulnerability (CWE-200).
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000068.html",
"dc:date": "2019-11-07T14:50+09:00",
"dcterms:issued": "2019-11-07T14:50+09:00",
"dcterms:modified": "2019-11-07T14:50+09:00",
"description": "Rakuma App provided by Rakuten, Inc. contains an authentication information disclosure vulnerability (CWE-200).\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000068.html",
"sec:cpe": {
"#text": "cpe:/a:rakuten:rakuma",
"@product": "rakuma",
"@vendor": "Rakuten, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000068",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN41566067/index.html",
"@id": "JVN#41566067",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6024",
"@id": "CVE-2019-6024",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6024",
"@id": "CVE-2019-6024",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Rakuma App vulnerable to authentication information disclosure"
}