Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID
Vulnerability Description
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
SAP Emarsys SDK 安全漏洞
Vulnerability Description
SAP Emarsys SDK是德国思爱普(SAP)公司的适用于Emarsys Mobile Apps的软件开发工具包。 SAP Emarsys SDK (Android)3.6.2版本存在安全漏洞,该漏洞源于缺乏适当的授权检查,攻击者利用该漏洞可以调用特定活动,并可以转发自己的网页或深层链接,而无需直接从主机应用程序进行任何验证。
CVSS Information
N/A
Vulnerability Type
N/A