Data Exposure Vulnerability in SAP Mobile Platform Offline OData Application
CVE-2018-2459

7.5HIGH

Key Information:

Vendor

SAP
Status
SAP Mobile Platform
Vendor
CVE Published:
11 September 2018

What is CVE-2018-2459?

The SAP Mobile Platform version 3.0 contains a vulnerability within its Offline OData applications. When utilizing Offline OData-supplied delta tokens, there are instances where users may inadvertently receive data values that belong to different users. This issue could compromise user data confidentiality, as sensitive information may be exposed to unauthorized users. Proper configuration and updates are essential to mitigate this risk.

Affected Version(s)

SAP Mobile Platform = 3.0

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM
https://launchpad.support.sap.com/#/notes/2672919
x_refsource_MISC
http://www.securityfocus.com/bid/105338
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.