JavaScript Execution Vulnerability in SAP Fiori Client by SAP
CVE-2018-2485

7.7HIGH

Key Information:

Vendor

SAP
Status
SAP Fiori Client
Vendor
CVE Published:
13 November 2018

What is CVE-2018-2485?

A security flaw exists in the SAP Fiori Client that allows malicious applications or malware to execute arbitrary JavaScript code within SAP Fiori applications. This exploitation can lead to unauthorized access to sensitive information and manipulation of device-specific JavaScript APIs. Users are strongly advised to upgrade to SAP Fiori Client version 1.11.5, as this release addresses these vulnerabilities, enhancing protection against potential risks.

Affected Version(s)

SAP Fiori Client < 1.11.5

References

http://www.securityfocus.com/bid/105911
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2691126
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.