CVE-2022-41210

Name of the Vulnerable Software and Affected Versions SAP Customer Data Cloud (Gigya mobile app for Android) version 7.4

Description The issue is related to the use of an insecure random number generator program, which makes it easy for an attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings. The vulnerability can be exploited by a remote attacker to disclose protected information.

Recommendations For version 7.4, consider disabling the use of the insecure random number generator program until a secure alternative is implemented. As a temporary workaround, restrict access to sensitive user settings to minimize the risk of exploitation. Avoid using the affected app for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.