6 matches found
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-41918
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the...
CVE-2024-41918
CVE-2024-41918 affects the Rakuten Ichiba App for Android (≤12.4.0) and iOS (≤11.7.0). The root cause is improper authorization in the handler for the custom URL scheme (CWE-939), which can allow an arbitrary site to be opened in the app’s WebView via an Intent from another application, potential...
"Rakuten Ichiba App" fails to restrict custom URL schemes properly
Overview "Rakuten Ichiba App" provided by Rakuten Group, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Shiga Takuma of BroadBand Security...
Rakuten Ichiba 安全漏洞
Rakuten Ichiba is an online shopping APP from Rakuten, a Japanese company. A security vulnerability exists in Rakuten Ichiba that stems from a failure to properly restrict access to features that use custom URL schemes, increasing the risk of users being subject to phishing attacks...
JVN#56648919: "Rakuten Ichiba App" fails to restrict custom URL schemes properly
"Rakuten Ichiba App" provided by Rakuten Group, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to...