Information Disclosure Vulnerability in SAP Customer Data Cloud Mobile App for Android
CVE-2022-41209
5.2MEDIUM
What is CVE-2022-41209?
The SAP Customer Data Cloud mobile app for Android, specifically version 7.4, utilizes an encryption method that lacks adequate diffusion and fails to obscure data patterns effectively. This vulnerability could result in unauthorized access to sensitive information under certain conditions. Additionally, the application may be affected by replay attacks, whereby an attacker could reuse valid data transmissions to compromise security further.
Affected Version(s)
SAP Customer Data Cloud (Gigya) 7.4
References
CVSS V3.1
Score:
5.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved