Unauthorized Access in SAP EMR Unwired and Clinical Task Tracker by SAP
CVE-2015-2814

Currently unrated

Key Information:

Vendor: SAP
Status: Clinical Task Tracker; Emr Unwired
Vendor: CVE Published:; 1 April 2015

Summary

SAP EMR Unwired and Clinical Task Tracker contain a vulnerability that fails to properly restrict access controls, allowing remote attackers to alter critical backend configurations, including backend URL, client ID, SSO URL, and info page URL. This flaw enables potential breaches that could lead to unauthorized access and manipulation of sensitive healthcare data, emphasizing the importance of securing mobile applications in healthcare environments.

References

https://erpscan.io/advisories/erpscan-15-002-sap-mobile-h...

x_refsource_MISC

http://www.securityfocus.com/bid/73701

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 1, 2015
Vulnerability Reserved
Apr 1, 2015