CVE-2024-41918 — MEDIUM (6.1)

Q: How severe is CVE-2024-41918?

CVE-2024-41918 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-41918?

Check the references section above for vendor advisories and patch information. Affected products include: Rakuten Ichiba.

Vulnerability Description

'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user's device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Rakuten	Ichiba	<= 11.7.0

Related Weaknesses (CWE)

CWE-939 CWE-862

References

https://apps.apple.com/jp/app/id419267350Product
https://jvn.jp/en/jp/JVN56648919/Third Party Advisory
https://play.google.com/store/apps/details?id=jp.co.rakuten.android&hl=enProduct

FAQ

What is CVE-2024-41918?

CVE-2024-41918 is a vulnerability with a CVSS score of 6.1 (MEDIUM). 'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may...

How severe is CVE-2024-41918?

CVE-2024-41918 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41918?

Check the references section above for vendor advisories and patch information. Affected products include: Rakuten Ichiba.