Vulnerability Details : CVE-2021-20728

Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

Published 2021-06-09 02:15:07

Updated 2022-06-28 14:11:45

Source JPCERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-20728

Probability of exploitation activity in the next 30 days: 0.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 49 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-20728

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	3.9	1.4	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

References for CVE-2021-20728

https://jvn.jp/en/jp/JVN91691168/index.html

Third Party Advisory
https://blog.goo.ne.jp/staffblog/e/d84a6b220222462094728301782885db

Vendor Advisory

Products affected by CVE-2021-20728

Nttr » Goo Blog » For Iphone Os
Versions up to, including, (<=) 1.3.3
cpe:2.3:a:nttr:goo_blog:*:*:*:*:*:iphone_os:*:*
Matching versions
Nttr » Goo Blog » For Android
Versions up to, including, (<=) 1.2.25
cpe:2.3:a:nttr:goo_blog:*:*:*:*:*:android:*:*
Matching versions