PT-2021-14278 · Nike · Nike App For Ios+1

Published

2021-10-13

Updated

2022-05-03

CVE-2021-20834

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Nike App for Android versions prior to 2.177 Nike App for iOS versions prior to 2.177.1

Description: The issue is related to improper authorization in the handler for a custom URL scheme, allowing a remote attacker to trick a user into accessing an arbitrary website via the vulnerable App.

Recommendations: For Nike App for Android versions prior to 2.177, update to version 2.177 or later. For Nike App for iOS versions prior to 2.177.1, update to version 2.177.1 or later.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2021-20834

Affected Products

Nike App For Android

Nike App For Ios

PT-2021-14278 · Nike · Nike App For Ios+1

CVE-2021-20834

Weakness Enumeration

Related Identifiers

Affected Products

References · 5