CVE-2023-6542 HIGH

CVE-2023-6542: Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID

Vendor: SAP SE
Product: SAP EMARSYS SDK ANDROID
Weakness: CWE-863 · Incorrect authorization
Published: December 12, 2023
Last update: August 2, 2024

CVSS base score

7.1/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

Due to a lack of proper authorization checks in the Emarsys SDK for Android, an attacker can call a particular activity and forward web pages and/or deep links to themselves, without any validation, directly from the host application. On a successful attack, an attacker could navigate to an arbitrary URL, including application deep links, on the device.

Key dates

02 Disclosure timeline

December 12, 2023: CVE published
August 2, 2024: Record updated
