CVE-2020-11882
CVE-2020-11882 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. EPSS estimates a 1.00% chance of exploitation in the next 30 days.
Description
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Telefonica | O2 Business | 1.2.0 |
References
- http://packetstormsecurity.com/files/158302/Android-o2-Business-1.2.0-Open-Redirect.html (Exploit, Third Party Advisory, VDB Entry)
- https://rcesecurity.com/ (Broken Link)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
