Data Exposure Vulnerability in SAP Mobile Platform Offline OData Application
CVE-2018-2459
7.5HIGH
Summary
The SAP Mobile Platform version 3.0 contains a vulnerability within its Offline OData applications. When utilizing Offline OData-supplied delta tokens, there are instances where users may inadvertently receive data values that belong to different users. This issue could compromise user data confidentiality, as sensitive information may be exposed to unauthorized users. Proper configuration and updates are essential to mitigate this risk.
Affected Version(s)
SAP Mobile Platform = 3.0
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved