Arbitrary write in the application's data folder and arbitrary read of server's replies from 3rd party apps.

A path traversal vulnerability was identified in the Android application `com.basecamp.bc3` version `3.26.3`, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses, containing sensitive information to 3rd party applications using a custom-crafted deeplink scheme.