Vulnerabilities > CVE-2023-6542 - Incorrect Authorization vulnerability in SAP Emarsys SDK 3.6.2
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |