Описание
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
Ссылки
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
7.7 High
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
Уязвимость мобильной среды выполнения SAP Fiori Client, связанная с недостатками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и выполнить произвольный JavaScript-код
EPSS
7.7 High
CVSS3
6.4 Medium
CVSS2