Vulnerability Details CVE-2021-20834
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
Products affected by CVE-2021-20834
-
cpe:2.3:a:nike:nike:2.152.0
-
cpe:2.3:a:nike:nike:2.153.0
-
cpe:2.3:a:nike:nike:2.154.1
-
cpe:2.3:a:nike:nike:2.155.0
-
cpe:2.3:a:nike:nike:2.156.0
-
cpe:2.3:a:nike:nike:2.160.0
-
cpe:2.3:a:nike:nike:2.160.3
-
cpe:2.3:a:nike:nike:2.161.0
-
cpe:2.3:a:nike:nike:2.162.2
-
cpe:2.3:a:nike:nike:2.163.0
-
cpe:2.3:a:nike:nike:2.164.0
-
cpe:2.3:a:nike:nike:2.165.0
-
cpe:2.3:a:nike:nike:2.166.0
-
cpe:2.3:a:nike:nike:2.166.1
-
cpe:2.3:a:nike:nike:2.167.1
-
cpe:2.3:a:nike:nike:2.168.1
-
cpe:2.3:a:nike:nike:2.168.2
-
cpe:2.3:a:nike:nike:2.170.1
-
cpe:2.3:a:nike:nike:2.171.0
-
cpe:2.3:a:nike:nike:2.171.1
-
cpe:2.3:a:nike:nike:2.172.0
-
cpe:2.3:a:nike:nike:2.172.1
-
cpe:2.3:a:nike:nike:2.173.0
-
cpe:2.3:a:nike:nike:2.173.2
-
cpe:2.3:a:nike:nike:2.174.0
-
cpe:2.3:a:nike:nike:2.175.1
-
cpe:2.3:a:nike:nike:2.175.4.827
-
cpe:2.3:a:nike:nike:2.176.0
-
cpe:2.3:a:nike:nike:2.176.1.1429