CVE-2023-39507

Summary

Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website.

Affected Software

VendorProductVersion RangeStatus
Recruit Co., Ltd.“Rikunabi NEXT” App for Androidprior to ver. 11.5.0affected

Weaknesses

  • Improper authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References