Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
@cosme App for Android
- before 5.69.0
@cosme App for iOS
- before 6.74.0
Source
vultures@jpcert.or.jp
Tags
CVE-2024-45203 details
Published : Sept. 9, 2024, 7:15 a.m.
Last Modified : Sept. 9, 2024, 1:03 p.m.
Last Modified : Sept. 9, 2024, 1:03 p.m.
Description
Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://jvn.jp/en/jp/JVN81570776/ | vultures@jpcert.or.jp |
This website uses the NVD API, but is not approved or certified by it.