CVE-2018-2489

Name of the Vulnerable Software and Affected Versions SAP Fiori Client versions prior to 1.11.5

Description The issue is related to insufficient access control in the SAP Fiori Client mobile runtime environment. It allows a remote attacker to bypass the authorization system. Additionally, any Android application can locally delete the SSO configuration of SAP Fiori Client without requiring any permissions.

Recommendations For versions prior to 1.11.5, update to version 1.11.5, which is available in the Google Play store, to address the issues. As a temporary workaround, consider restricting access to the SSO configuration to minimize the risk of exploitation.