Lucene search
+L

6 matches found

OSV
OSV
added 2024/08/29 3:15 a.m.3 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

6.1CVSS5.7AI score0.003EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/29 2:47 a.m.17 views

CVE-2024-41918

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...

6.6AI score0.003EPSS
Exploits0References3
CVE
CVE
added 2024/08/29 2:47 a.m.57 views

CVE-2024-41918

CVE-2024-41918 affects the Rakuten Ichiba App for Android (≤12.4.0) and iOS (≤11.7.0). The root cause is improper authorization in the handler for the custom URL scheme (CWE-939), which can allow an arbitrary site to be opened in the app’s WebView via an Intent from another application, potential...

6.1CVSS6.6AI score0.003EPSS
Exploits0References3Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/20 7:56 a.m.6 views

"Rakuten Ichiba App" fails to restrict custom URL schemes properly

Overview "Rakuten Ichiba App" provided by Rakuten Group, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Shiga Takuma of BroadBand Security...

6.1CVSS6.7AI score0.003EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.5 views

Rakuten Ichiba 安全漏洞

Rakuten Ichiba is an online shopping APP from Rakuten, a Japanese company. A security vulnerability exists in Rakuten Ichiba that stems from a failure to properly restrict access to features that use custom URL schemes, increasing the risk of users being subject to phishing attacks...

6.1CVSS4.7AI score0.003EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/20 12:0 a.m.21 views

JVN#56648919: "Rakuten Ichiba App" fails to restrict custom URL schemes properly

"Rakuten Ichiba App" provided by Rakuten Group, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to...

6.1CVSS6AI score0.003EPSS
Exploits0
Rows per page
Query Builder