CVE-2021-20873

EPSS 0.27%
Published 28.12.2021 02:15:06
Last modified 21.11.2024 05:47:19
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Yappli ≫ Yappli Version >= 7.3.6 < 9.30.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.472

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://jvn.jp/en/jp/JVN66422035/index.html

Third Party Advisory

https://support.yappli.co.jp/hc/ja/articles/4410249902745

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-20873

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20873

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20873

EUVD