CVE-2018-2485SAP Fiori Client vulnerability

3 documents3 sources
Severity
7.7HIGHNVD
EPSS
0.2%
top 57.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Fiori ClientSAP Fiori Client
Timeline
PublishedNov 13
Latest updateMay 13

Description

It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.5 | Impact: 5.2

Affected Packages2 packages

NVDsap/fiori_client< 1.11.5
CVEListV5sap/sap_fiori_client< 1.11.5

🔴Vulnerability Details

2
GHSA
GHSA-gv8x-5q42-g72w: It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application2022-05-13
CVEList
CVE-2018-2485: It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application2018-11-13
CVE-2018-2485 — SAP Fiori Client vulnerability | cvebase