CVE-2021-42601

Name of the Vulnerable Software and Affected Versions MCE Systems (affected versions not specified)

Description The issue is related to the categoryId parameter in the WebView component of the MCE Systems mobile device lifecycle management system. It involves errors in link processing before accessing a file and deserializing the PendingDynamicLinkData structure from a byte array Intent Extra with the key com.google.firebase.dynamiclinks.DYNAMIC LINK DATA. Exploitation of this issue could allow an attacker to elevate their privileges by injecting malicious code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.