PT-2018-2620 · Sap · Sap Fiori Client

Published

2018-09-11

Updated

2019-10-03

CVE-2018-2490

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP Fiori Client versions prior to 1.11.5

Description The issue is related to insufficient access control in the SAP Fiori Client mobile environment, which may allow a remote attacker to disclose protected information. The broadcast messages received by SAP Fiori Client are not protected by permissions.

Recommendations For SAP Fiori Client versions prior to 1.11.5, update to version 1.11.5 to address the issue.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-264

Related Identifiers

BDU:2019-01230

CVE-2018-2490

Affected Products

Sap Fiori Client

PT-2018-2620 · Sap · Sap Fiori Client

CVE-2018-2490

Weakness Enumeration

Related Identifiers

Affected Products

References · 6