Lucene search

[email protected]NVD:CVE-2024-41918

HistoryAug 29, 2024 - 3:15 a.m.

CVE-2024-41918

2024-08-2903:15:05

CWE-862

CWE-939

[email protected]

web.nvd.nist.gov

android

ios

improper authorization

custom url scheme

webview

intent

phishing attack

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.3%

JSON

‘Rakuten Ichiba App’ for Android 12.4.0 and earlier and ‘Rakuten Ichiba App’ for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user’s device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.

Affected configurations

Nvd

Node

rakutenichibaRange≤11.7.0iphone_os

rakutenichibaRange≤12.4.0android

VendorProductVersionCPE
rakutenichiba*cpe:2.3:a:rakuten:ichiba:*:*:*:*:*:iphone_os:*:*
rakutenichiba*cpe:2.3:a:rakuten:ichiba:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
rakuten	ichiba	*	cpe:2.3:a:rakuten:ichiba::::::iphone_os::*
rakuten	ichiba	*	cpe:2.3:a:rakuten:ichiba::::::android::*

References

apps.apple.com/jp/app/id419267350

jvn.jp/en/jp/JVN56648919/

play.google.com/store/apps/details?id=jp.co.rakuten.android&hl=en

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.3%

JSON

Related for NVD:CVE-2024-41918

cvelist1 vulnrichment1 jvn1 cve1