CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.8CVSS7.6AI score0.00115EPSS

SAP Fiori Client Information Disclosure Vulnerability

SAP Fiori Client is a client program from SAP Germany for running the SAP Fiori Launchpad on mobile devices. A security vulnerability exists in SAP Fiori Client that stems from the program's failure to protect permissions on incoming broadcast messages. An attacker could exploit the vulnerability...

7.8CVSS7.4AI score0.00189EPSS

SAP Fiori Client Denial of Service Vulnerability

SAP Fiori Client is a client program from SAP Germany for running the SAP Fiori Launchpad on mobile devices. A denial of service vulnerability exists in SAP Fiori Client, which can be exploited by an attacker with a malicious application to send local push notifications with null messages to Fior...

7.8CVSS7.9AI score0.00221EPSS

SAP Fiori Client Code Execution Vulnerability

SAP Fiori Client is a client program from SAP Germany for running the SAP Fiori Launchpad on mobile devices. A code execution vulnerability exists in SAP Fiori Client that can be exploited by an attacker to execute malicious JavaScript code in an embedded log reader...

7.8CVSS7.7AI score0.00132EPSS

SAP Fiori Client Design Vulnerability

SAP Fiori Client is a client program from SAP Germany for running the SAP Fiori Launchpad on mobile devices. A security vulnerability exists in SAP Fiori Client. An attacker can exploit the vulnerability to remove the SSO configuration with the help of an arbitrary Android application...

NVD•added 2018/11/13 8:29 p.m.•9 views

CVE-2018-2491

When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the...

7.8CVSS7.6AI score0.00221EPSS

Prion•added 2018/11/13 8:29 p.m.•12 views

Information disclosure

Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...

6.8CVSS7.6AI score0.00132EPSS

Prion•added 2018/11/13 8:29 p.m.•15 views

Design/Logic Flaw

6.8CVSS7.4AI score0.00221EPSS

OSV•added 2018/11/13 8:29 p.m.•1 views

CVE-2018-2488

It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...

7.8CVSS5.8AI score0.00189EPSS

OSV•added 2018/11/13 8:29 p.m.•1 views

CVE-2018-2489

7.8CVSS5.9AI score

Prion•added 2018/11/13 8:29 p.m.•13 views

Information disclosure

The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...

6.8CVSS7.5AI score0.00115EPSS

OSV•added 2018/11/13 8:29 p.m.•0 views

CVE-2018-2490

7.8CVSS5.8AI score

OSV•added 2018/11/13 8:29 p.m.•1 views

CVE-2018-2485

It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...

7.7CVSS5.9AI score0.00205EPSS

Exploits0References3

Prion•added 2018/11/13 8:29 p.m.•15 views

Information disclosure

6.8CVSS7.3AI score0.00189EPSS

NVD•added 2018/11/13 8:29 p.m.•9 views

CVE-2018-2490

7.8CVSS7.6AI score0.00115EPSS

CVE•added 2018/11/13 8:0 p.m.•44 views

CVE-2018-2490

The SAP Fiori Client vulnerability (CVE-2018-2490) is an information-disclosure issue where broadcast messages are not protected by permissions. Documents from multiple sources (NVD entry for CVE-2018-2490 and CNVD-2018-23280) confirm the affected software as SAP Fiori Client and describe the roo...

7.8CVSS7.5AI score0.00115EPSS