CVE-2024-41918 Vulnerability Details

  /     /     /  

CVE-2024-41918 Metadata Quick Info

CVE Published: 29/08/2024 | CVE Updated: 29/08/2024 | CVE Year: 2024
Source: jpcert | Vendor: Rakuten Group, Inc. | Product: \'Rakuten Ichiba App\' for Android
Status : PUBLISHED

CVE-2024-41918 Description

\'Rakuten Ichiba App\' for Android 12.4.0 and earlier and \'Rakuten Ichiba App\' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user\'s device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Improper authorization in handler for custom URL scheme
Source: Rakuten Group, Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-41918 Vulnerability Details