CVE-2022-41209

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-41209
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks.

5.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 4.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://launchpad.support.sap.com/#/notes/3248970 Permissions Required Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:customer_data_cloud:7.4:*:*:*:*:android:*:*
History

07 Nov 2023, 03:52

Type Values Removed Values Added
Summary SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks. SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks.

12 Oct 2022, 20:27

Type Values Removed Values Added
References (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
References (MISC) https://launchpad.support.sap.com/#/notes/3248970 - (MISC) https://launchpad.support.sap.com/#/notes/3248970 - Permissions Required, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.2
CPE cpe:2.3:a:sap:customer_data_cloud:7.4:*:*:*:*:android:*:*
First Time Sap
Sap customer Data Cloud

11 Oct 2022, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-10-11 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-41209

Mitre link : CVE-2022-41209

CVE.ORG link : CVE-2022-41209

JSON object : View

Products Affected

sap

  • customer_data_cloud
CWE
CWE-326

Inadequate Encryption Strength