CVE-2018-2490

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 69.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SAP Fiori ClientSAP Fiori Client
Timeline
PublishedNov 13
Latest updateMay 13

Description

The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsap/fiori_client< 1.11.5
CVEListV5sap/sap_fiori_client< 1.11.5

🔴Vulnerability Details

2
GHSA
GHSA-ff53-798g-f62h: The broadcast messages received by SAP Fiori Client are not protected by permissions2022-05-13
CVEList
CVE-2018-2490: The broadcast messages received by SAP Fiori Client are not protected by permissions2018-11-13
CVE-2018-2490 (HIGH CVSS 7.8) | The broadcast messages received by | cvebase.io