4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
50.6%
UNIQLO App provided by UNIQLO CO., LTD. contains multiple access restriction bypass vulnerabilities below.
A remote attacker may be able to lead a user to access an arbitrary website via the vulnerable App.
The App launched by a Custom URL Scheme may lead a user to access an arbitrary URL - CVE-2020-5628
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
The App may receive an Intent from an arbitrary App which may lead a user to access an arbitrary URL requested by an Inten****t - CVE-2020-5629
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | Base Score: 3.3 |
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
Update the Application
Update the application to the latest version according to the information provided by the developer.
The vulnerability is fixed in version 7.3.4.
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
50.6%