CVE-2022-41209

5.2MEDIUM

Key Information:

Vendor: SAP
Status: SAP Customer Data Cloud (gigya)
Vendor: CVE Published:; 11 October 2022

Summary

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks.

Affected Version(s)

SAP Customer Data Cloud (Gigya) 7.4

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3248970

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 21, 2022