CVE-2018-2488

3 documents3 sources
Severity
7.8HIGH
EPSS
0.2%
top 59.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SAP Fiori ClientSAP Fiori Client
Timeline
PublishedNov 13
Latest updateMay 13

Description

It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsap/fiori_client< 1.11.5
CVEListV5sap/sap_fiori_client< 1.11.5

🔴Vulnerability Details

2
GHSA
GHSA-rrvh-xmw4-hjqf: It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and2022-05-13
CVEList
CVE-2018-2488: It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and2018-11-13
CVE-2018-2488 (HIGH CVSS 7.8) | It is possible for a malware applic | cvebase.io