Insecure Random Number Generation in SAP Customer Data Cloud Mobile App for Android
CVE-2022-41210

5.2MEDIUM

Key Information:

Vendor
SAP
Status
SAP Customer Data Cloud (gigya)
Vendor
CVE Published:
11 October 2022

Summary

The SAP Customer Data Cloud mobile application for Android version 7.4 is affected by a vulnerability due to its use of an insecure random number generator. This deficiency allows attackers to predict future random numbers generated by the application, leading to potential information disclosure and unauthorized modification of user settings. The nature of this vulnerability raises significant concerns regarding the overall security of user data and the integrity of user accounts.

Affected Version(s)

SAP Customer Data Cloud (Gigya) 7.4

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
https://launchpad.support.sap.com/#/notes/3248384

CVSS V3.1

Score:
5.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.