Vulnerability Details: CVE-2022-41209
SAP Customer Data Cloud (Gigya mobile app for Android), version 7.4, uses an encryption method that lacks proper diffusion and does not hide patterns well. This can lead to information disclosure. In certain scenarios, the application might also be susceptible to replay attacks.
Vulnerability category: Information leak
Products affected by CVE-2022-41209
- cpe:2.3:a:sap:customer_data_cloud:7.4:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-41209
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~22% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-41209
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.2 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | 0.9 | 4.2 | NIST | |
CWE ids for CVE-2022-41209
- The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. Assigned by: cna@sap.com (Primary)
References for CVE-2022-41209
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
  SAP Patch Day Blog (Vendor Advisory)
- https://launchpad.support.sap.com/#/notes/3248970
  SAP ONE Support Launchpad: Log On (Permissions Required; Vendor Advisory)