PT-2021-22904 · SAP · SAP SuccessFactors Mobile Application

Published: 2021-10-12 · Updated: 2021-10-18 · CVE-2021-40498

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: SAP SuccessFactors Mobile Application for Android, versions older than 2108

Description: A vulnerability has been identified that allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The issue is related to Android implementation methods widely used across Android mobile applications, which are embedded into the SAP SuccessFactors mobile application. These methods start executing when a user accesses their profile in the mobile application and can also pick up activities from other Android applications running in the background that use the same methods. This vulnerability can also lead to phishing attacks used for staging other types of attacks.

Recommendations: For versions older than 2108, update to version 2108 or later to resolve the issue. As a temporary workaround, consider restricting access to the SAP SuccessFactors mobile application until the patch is applied. Additionally, be cautious of phishing attacks that may exploit this vulnerability, and ensure that all users are aware of the potential risks associated with accessing their profiles in the mobile application.


Related Identifiers: CVE-2021-40498

Affected Products: SAP SuccessFactors Mobile Application