CVE-2024-41918
Last modified
CVE-2024-41918 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. 'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user's device. EPSS estimates a 0.30% chance of exploitation in the next 30 days.
Description
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user's device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rakuten | Ichiba | <= 11.7.0 |
| Rakuten | Ichiba | <= 12.4.0 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-41918?
How severe is CVE-2024-41918?
How do I fix CVE-2024-41918?
Are you affected by CVE-2024-41918?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST