4.7

CVE-2023-40530

EPSS 0.06%
Veröffentlicht 25.08.2023 04:15:10
Zuletzt bearbeitet 21.11.2024 08:19:39
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android  6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Skylark ≫ Skylark SwPlatformandroid Version <= 6.2.13

Skylark ≫ Skylark SwPlatformiphone_os Version <= 6.2.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.194

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478

Product

https://jvn.jp/en/jp/JVN03447226/

Third Party Advisory

https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-40530

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40530

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40530

EUVD