CVE-2018-2489

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 67.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SAP Fiori ClientSAP Fiori Client
Timeline
PublishedNov 13
Latest updateMay 13

Description

Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsap/fiori_client< 1.11.5
CVEListV5sap/sap_fiori_client< 1.11.5

🔴Vulnerability Details

2
GHSA
GHSA-6fm7-pfp2-rx5f: Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client2022-05-13
CVEList
CVE-2018-2489: Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client2018-11-13
CVE-2018-2489 (HIGH CVSS 7.8) | cvebase.io