Information Disclosure Vulnerability in SAP Customer Data Cloud Mobile App for Android
CVE-2022-41209
5.2MEDIUM
What is CVE-2022-41209?
The SAP Customer Data Cloud mobile app for Android, specifically version 7.4, utilizes an encryption method that lacks adequate diffusion and fails to obscure data patterns effectively. This vulnerability could result in unauthorized access to sensitive information under certain conditions. Additionally, the application may be affected by replay attacks, whereby an attacker could reuse valid data transmissions to compromise security further.
Affected Version(s)
SAP Customer Data Cloud (Gigya) 7.4