CVE-2022-41210

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-41210
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.

5.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 4.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://launchpad.support.sap.com/#/notes/3248384 Permissions Required Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:customer_data_cloud:7.4:*:*:*:*:android:*:*
History

07 Nov 2023, 03:52

Type Values Removed Values Added
Summary SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings. SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.

12 Oct 2022, 20:25

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.2
References (MISC) https://launchpad.support.sap.com/#/notes/3248384 - (MISC) https://launchpad.support.sap.com/#/notes/3248384 - Permissions Required, Vendor Advisory
References (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
First Time Sap
Sap customer Data Cloud
CPE cpe:2.3:a:sap:customer_data_cloud:7.4:*:*:*:*:android:*:*

11 Oct 2022, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-10-11 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-41210

Mitre link : CVE-2022-41210

CVE.ORG link : CVE-2022-41210

JSON object : View

Products Affected

sap

  • customer_data_cloud
CWE
CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)