Unrated severityNVD Advisory· Published Dec 12, 2023· Updated Aug 2, 2024
Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID
CVE-2023-6542
Description
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.
Affected products
2- SAP_SE/SAP EMARSYS SDK ANDROIDv5Range: 100
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.