Japan Vulnerability NotesJVN:71815309JVN#71815309: Auction Camera vulnerable to URL whitelist bypass
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
70.9%
Auction Camera provided by Newphoria Corporation Inc. is an application for both iOS or Android built using “applican”. Auction Camera contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme.
Impact
Android version of this app may allow an applican API to be executed if that API has been granted permission in the android manifest.
iOS version of this app may allow an arbitrary API to be executed.
Solution
For Auction Camera for Android:
Update the Software
Update to the latest version according to the information provided by the developer.
For Auction Camera for iOS:
Do not use Auction Camera for iOS
Auction Camera for iOS is no longer being developed or maintained. It is recommended to stop using Auction Camera for iOS.
Products Affected
- Auction Camera for Android versions 1.1 and earlier
- Auction Camera for iOS
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
70.9%