Lucene search

[email protected]NVD:CVE-2021-20873

HistoryDec 28, 2021 - 2:15 a.m.

CVE-2021-20873

2021-12-2802:15:06

CWE-862

[email protected]

web.nvd.nist.gov

yappli

app development

custom url scheme

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

57.2%

JSON

Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL.

Affected configurations

Nvd

Node

yappliyappliRange7.3.6–9.30.0

VendorProductVersionCPE
yappliyappli*cpe:2.3:a:yappli:yappli:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yappli	yappli	*	cpe:2.3:a:yappli:yappli::::::::

References

jvn.jp/en/jp/JVN66422035/index.html

support.yappli.co.jp/hc/ja/articles/4410249902745

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

57.2%

JSON

Related for NVD:CVE-2021-20873

cve1 cvelist1 jvn1 cnvd1 prion1