CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-6542

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.8%

CVSS Severity

CVSS v3 Score 7.1

References

https://me.sap.com/notes/3406244
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://me.sap.com/notes/3406244
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Products affected by CVE-2023-6542

Sap » Emarsys Sdk » Version: 3.6.2

cpe:2.3:a:sap:emarsys_sdk:3.6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-6542

Products

Pricing

Contact Us