Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap emarsys sdk 3.6.2 |