Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.

Уязвимость программного обеспечения для интеграции функций Emarsys в мобильные приложения операционных систем Android Emarsys SDK, связанная с недостатками механизма авторизации, позволяющая нарушителю перенаправить пользователя на произвольный URL-адрес