Arbitrary URL Navigation Vulnerability in Emarsys SDK for Android

Arbitrary URL Navigation Vulnerability in Emarsys SDK for Android

CVE-2023-6542 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.

Learn more about our Cis Benchmark Audit For Google Android.