8.1

CVE-2021-20873

EPSS 0.84%
Veröffentlicht 28.12.2021 02:15:06
Zuletzt bearbeitet 21.11.2024 05:47:19
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yappli ≫ Yappli Version >= 7.3.6 < 9.30.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.84%	0.531

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://jvn.jp/en/jp/JVN66422035/index.html

Third Party Advisory

https://support.yappli.co.jp/hc/ja/articles/4410249902745

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-20873

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20873

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20873

EUVD