CVE-2022-41210

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-41210
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.

5.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 4.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://launchpad.support.sap.com/#/notes/3248384 Permissions Required Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:customer_data_cloud:7.4:*:*:*:*:android:*:*
History

No history.

Information

Published : 2022-10-11 21:15

Updated : 2023-11-07 03:52

NVD link : CVE-2022-41210

Mitre link : CVE-2022-41210

CVE.ORG link : CVE-2022-41210

JSON object : View

Products Affected

sap

  • customer_data_cloud
CWE
CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)