Main Vulnerability Database Vulnerabilities #VU46876

Open redirect in UNIQLO - CVE-2020-5629

Published: September 18, 2020 / Updated: September 21, 2020

Vulnerability identifier: #VU46876

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-5629

CWE-ID: CWE-601

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
UNIQLO

Software vendor:
UNIQLO CO., LTD

Description

The vulnerability allows a local attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A local attacker can redirect the victim to arbitrary domain when the App receive an Intent from an arbitrary App.

Remediation

Install updates from vendor's website.

External links

https://jvn.jp/en/jp/JVN31864411/index.html

Open redirect in UNIQLO - CVE-2020-5629

Description

Remediation

External links

Please verify you're human