PT-2018-2619 · Sap · Sap Fiori Client

Published

2018-09-11

Updated

2019-10-03

CVE-2018-2489

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP Fiori Client versions prior to 1.11.5

Description The issue is related to insufficient access control in the SAP Fiori Client mobile runtime environment. It allows a remote attacker to bypass the authorization system. Additionally, any Android application can locally delete the SSO configuration of SAP Fiori Client without requiring any permissions.

Recommendations For versions prior to 1.11.5, update to version 1.11.5, which is available in the Google Play store, to address the issues. As a temporary workaround, consider restricting access to the SSO configuration to minimize the risk of exploitation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-264

Related Identifiers

BDU:2019-01229

CVE-2018-2489

Affected Products

Sap Fiori Client

PT-2018-2619 · Sap · Sap Fiori Client

CVE-2018-2489

Weakness Enumeration

Related Identifiers

Affected Products

References · 6