Search
Find a vulnerability
Search criteria
3 vulnerabilities by Nike, Inc.
CVE-2021-20834 (GCVE-0-2021-20834)
Vulnerability from nvd – Published: 2021-10-13 08:31 – Updated: 2024-08-03 17:53
VLAI
EPSS
VEX
Summary
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Severity
No CVSS data available.
CWE
- Improper Authorization in Handler for Custom URL Scheme
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=com… | x_refsource_MISC |
| https://apps.apple.com/app/nike/id1095459556 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN89126639/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nike, Inc. | Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 |
Affected:
Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1",
"vendor": "Nike, Inc.",
"versions": [
{
"status": "affected",
"version": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization in Handler for Custom URL Scheme",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T08:31:12.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1",
"version": {
"version_data": [
{
"version_value": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1"
}
]
}
}
]
},
"vendor_name": "Nike, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in Handler for Custom URL Scheme"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.nike.omega",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"name": "https://apps.apple.com/app/nike/id1095459556",
"refsource": "MISC",
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"name": "https://jvn.jp/en/jp/JVN89126639/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20834",
"datePublished": "2021-10-13T08:31:12.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:23.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20834 (GCVE-0-2021-20834)
Vulnerability from cvelistv5 – Published: 2021-10-13 08:31 – Updated: 2024-08-03 17:53
VLAI
EPSS
VEX
Summary
Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Severity
No CVSS data available.
CWE
- Improper Authorization in Handler for Custom URL Scheme
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=com… | x_refsource_MISC |
| https://apps.apple.com/app/nike/id1095459556 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN89126639/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nike, Inc. | Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 |
Affected:
Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1",
"vendor": "Nike, Inc.",
"versions": [
{
"status": "affected",
"version": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization in Handler for Custom URL Scheme",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T08:31:12.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1",
"version": {
"version_data": [
{
"version_value": "Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1"
}
]
}
}
]
},
"vendor_name": "Nike, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in Handler for Custom URL Scheme"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.nike.omega",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=com.nike.omega"
},
{
"name": "https://apps.apple.com/app/nike/id1095459556",
"refsource": "MISC",
"url": "https://apps.apple.com/app/nike/id1095459556"
},
{
"name": "https://jvn.jp/en/jp/JVN89126639/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN89126639/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20834",
"datePublished": "2021-10-13T08:31:12.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:23.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2021-000089
Vulnerability from jvndb - Published: 2021-10-08 14:32 - Updated:2021-10-08 14:32
Severity
Summary
Nike App fails to restrict custom URL schemes properly
Details
Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme.
The app does not restrict access to the function properly (CWE-939) which may be exploited to direct the app to access any sites.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000089.html",
"dc:date": "2021-10-08T14:32+09:00",
"dcterms:issued": "2021-10-08T14:32+09:00",
"dcterms:modified": "2021-10-08T14:32+09:00",
"description": "Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme.\r\nThe app does not restrict access to the function properly (CWE-939) which may be exploited to direct the app to access any sites.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000089.html",
"sec:cpe": {
"#text": "cpe:/a:nike:nike",
"@product": "Nike",
"@vendor": "Nike, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000089",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN89126639/index.html",
"@id": "JVN#89126639",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20834",
"@id": "CVE-2021-20834",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20834",
"@id": "CVE-2021-20834",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Nike App fails to restrict custom URL schemes properly"
}