PT-2022-6152 · Sap · Sap Customer Data Cloud

Published 2022-10-11 · Updated 2022-10-12 · CVE-2022-41209

CVSS v2.0

5.6 Medium

Vector: AV:L/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP Customer Data Cloud (Gigya mobile app for Android) version 7.4

Description

The issue is related to an insufficiently robust encryption method used by the software, which lacks proper diffusion and does not effectively hide patterns. This can lead to information disclosure. In certain scenarios, the application may also be susceptible to replay attacks. The vulnerability can be exploited by a remote attacker to disclose protected information.

Recommendations

For version 7.4, consider updating the encryption method to one that provides proper diffusion and effectively hides patterns to prevent information disclosure and replay attacks. As a temporary workaround, restrict access to sensitive data handled by the application to minimize the risk of exploitation.

Fix

Weakness Enumeration

Inadequate Encryption Strength

Related Identifiers

BDU:2023-00226
CVE-2022-41209

Affected Products

Sap Customer Data Cloud