Vulnerability Details : CVE-2023-6542
Due to a lack of proper authorization checks in the Emarsys SDK for Android, an attacker can call a particular activity and forward himself to web pages and/or deep links, without any validation, directly from the host application. On a successful attack, an attacker could navigate to an arbitrary URL, including application deep links, on the device.
Products affected by CVE-2023-6542
- cpe:2.3:a:sap:emarsys_sdk:3.6.2:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6542
- EPSS score: 0.03% (probability of exploitation activity in the next 30 days)
- Percentile: ~7% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-6542
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 | SAP SE | |
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 | NIST | |
CWE ids for CVE-2023-6542
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
  Assigned by:
  - cna@sap.com (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-6542
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
  SAP Patch Day Blog (Vendor Advisory)
- https://me.sap.com/notes/3406244
  SAP for Me: Sign In (Permissions Required; Vendor Advisory)