- Description
- Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device.
- Source
- cna@sap.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
- Hype score
- Not currently trending
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542) #SAPEmarsysSDK #AndroidVulnerability #DataLeak #RemoteCodeExecution #RCESecurity https://t.co/vwNurxaUeA
@reverseame
10 May 2025
634 Impressions
0 Retweets
1 Like
2 Bookmarks
0 Replies
0 Quotes
CVE-2023-6542 : SAP Emarsys SDK for Android Sensitive Data Leak https://t.co/dQ9SuLiaOm
@freedomhack101
25 Apr 2025
48 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542) https://t.co/vzGxAGBVxq https://t.co/ietNLhAeed
@secharvesterx
16 Apr 2025
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Here's a short write-up about CVE-2023-6542 a #security vulnerability affecting the SAP Emarsys SDK for Android allowing attackers to leak sensitive data from an app's private data directory and also load remote contents into an app overlay. https://t.co/CkSAGgSlAQ
@rcesecurity
14 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542) https://t.co/nLf9Y4TWp4
@Dinosn
10 Apr 2025
1553 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:emarsys_sdk:3.6.2:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "E6793E94-E8D2-4463-8D64-966BC6D8DC55"
}
],
"operator": "OR"
}
]
}
]