CVE-2021-20873

Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL.

Summary:

Reference Links(if available):

https://jvn.jp/en/jp/JVN66422035/index.html

https://support.yappli.co.jp/hc/ja/articles/4410249902745

CVSS Score (if available)

v2: / HIGH

v3: /

Links to Exploits(if available)

Tags: CVE, CVE-2021-20873, MISC, Third Party Advisory, vulnerability

CVE-2021-20873

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

BianLian Ransomware Victim: Law Offices of Michael J Gurfinkel, Inc

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Microsoft Addresses Four Zero-Day Vulnerabilities Exploited in the Wild

Cyber-Attack Forces Highline Public Schools to Closures

China-Linked Threat Actors Targeting Taiwan’s Military Supply Chain

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

BianLian Ransomware Victim: Law Offices of Michael J Gurfinkel, Inc

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Microsoft Addresses Four Zero-Day Vulnerabilities Exploited in the Wild

Cyber-Attack Forces Highline Public Schools to Closures

China-Linked Threat Actors Targeting Taiwan’s Military Supply Chain