PT-2023-32690 · Emarsys · Emarsys Sdk For Android

Published: 2022-02-01 · Updated: 2025-10-31 · CVE-2023-6542

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

SAP Emarsys SDK for Android (affected versions not specified)

Description

The issue is due to a lack of proper authorization checks in the Emarsys SDK for Android, allowing an attacker to call a particular activity and forward web pages and/or deep links without validation directly from the host application. On a successful attack, an attacker could navigate to an arbitrary URL, including application deep links on the device. This could potentially lead to sensitive data leaks from an app's private data directory and allow loading remote contents into an app overlay.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2025-05011
CVE-2023-6542

Affected Products

Emarsys Sdk For Android