Search
Find a vulnerability
Search criteria
2 vulnerabilities found for nike by nike
CVE-2021-20834 (GCVE-0-2021-20834)
Vulnerability from nvd – Published: 2021-10-13 08:31 – Updated: 2024-08-03 17:53
VLAI
EPSS
VEX
Summary
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Severity
No CVSS data available.
CWE
- Improper Authorization in Handler for Custom URL Scheme
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=com… | x_refsource_MISC |
| https://apps.apple.com/app/nike/id1095459556 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN89126639/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nike, Inc. | Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 |
Affected:
Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1",
"vendor": "Nike, Inc.",
"versions": [
{
"status": "affected",
"version": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization in Handler for Custom URL Scheme",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T08:31:12.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1",
"version": {
"version_data": [
{
"version_value": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1"
}
]
}
}
]
},
"vendor_name": "Nike, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in Handler for Custom URL Scheme"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.nike.omega",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"name": "https://apps.apple.com/app/nike/id1095459556",
"refsource": "MISC",
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"name": "https://jvn.jp/en/jp/JVN89126639/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20834",
"datePublished": "2021-10-13T08:31:12.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:23.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20834 (GCVE-0-2021-20834)
Vulnerability from cvelistv5 – Published: 2021-10-13 08:31 – Updated: 2024-08-03 17:53
VLAI
EPSS
VEX
Summary
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Severity
No CVSS data available.
CWE
- Improper Authorization in Handler for Custom URL Scheme
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=com… | x_refsource_MISC |
| https://apps.apple.com/app/nike/id1095459556 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN89126639/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nike, Inc. | Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 |
Affected:
Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1",
"vendor": "Nike, Inc.",
"versions": [
{
"status": "affected",
"version": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization in Handler for Custom URL Scheme",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T08:31:12.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1",
"version": {
"version_data": [
{
"version_value": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1"
}
]
}
}
]
},
"vendor_name": "Nike, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in Handler for Custom URL Scheme"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.nike.omega",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"name": "https://apps.apple.com/app/nike/id1095459556",
"refsource": "MISC",
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"name": "https://jvn.jp/en/jp/JVN89126639/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20834",
"datePublished": "2021-10-13T08:31:12.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:23.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}