CVE-2024-41918

NVD Published Date: August 29, 2024 at 03:15 AM
NVD Last Modified: August 30, 2024 at 04:05 PM
Download Patch
Vulnerability ID
CVE-2024-41918
Severity
MEDIUM
Severity Score
6.1
Summary
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user's device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE ID
CWE-862

Recent Publish

CVE-2024-5417

CVE-2024-6551

CVE-2024-8294

CVE-2024-29725

CVE-2024-29731

CVE-2024-29728

See SecOps Solution
in action

Schedule Demo