← Retour aux CVEs
CVE-2023-6542
HIGH7.1
Description
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.
Details CVE
Score CVSS v3.17.1
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie12/12/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
sap:emarsys_sdk
Faiblesses (CWE)
CWE-863CWE-863
References
https://me.sap.com/notes/3406244(cna@sap.com)
https://me.sap.com/notes/3406244(af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.