CVE-2015-2814 : SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (co

SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.

Published 2015-04-01 14:59:13

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2015-2814

SAP » Emr Unwired » For Iphone Os
cpe:2.3:a:sap:emr_unwired:*:*:*:*:*:iphone_os:*:*
Matching versions
SAP » Clinical Task Tracker » For Iphone Os
cpe:2.3:a:sap:clinical_task_tracker:*:*:*:*:*:iphone_os:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-2814

EPSS FAQ

0.46%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 61 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-2814

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2015-2814

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2814

https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/

[ERPSCAN-15-002] SAP Mobile .healthcare.emr.v2 - Unauthorized access
http://www.securityfocus.com/bid/73701

SAP EMR Unwired and Clinical Task Tracker CVE-2015-2814 Unauthorized Access Vulnerability

Jump to

Vulnerability Details : CVE-2015-2814

Products affected by CVE-2015-2814

Exploit prediction scoring system (EPSS) score for CVE-2015-2814

CVSS scores for CVE-2015-2814

CWE ids for CVE-2015-2814

References for CVE-2015-2814