CVE-2023-27895

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

Code injection

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

CVE-2023-27895 Information Disclosure vulnerability in SAP Authenticator for Android

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

Lark Technologies: IDOR Allows Viewer to Delete Bin's Files

An IDOR Insecure Direct Object Reference vulnerability was found where if a user with only view permissions knew the alphanumeric token of a folder, they could permanently delete it from an admin's bin. We thank @snapsec for reporting this to our team...