Lucene search
JpcertVULNRICHMENT:CVE-2024-41918HistoryAug 29, 2024 - 2:47 a.m.
CVE-2024-41918
2024-08-2902:47:19
jpcert
github.com
1
rakuten ichiba
android
ios
improper authorization
custom url
phishing
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
21.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
‘Rakuten Ichiba App’ for Android 12.4.0 and earlier and ‘Rakuten Ichiba App’ for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user’s device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:rakuten:ichiba:*:*:*:*:*:*:*:*"
],
"vendor": "rakuten",
"product": "ichiba",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "12.4.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "0",
"lessThan": "11.7.0",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
cvelist
cvelist
CVE-2024-41918
2024-08-29 02:47:19
nvd
nvd
CVE-2024-41918
2024-08-29 03:15:05
jvn
jvn
cve
cve
CVE-2024-41918
2024-08-29 03:15:05
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
21.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-41918