CVE-2022-41209

Published: Oct 11, 2022Modified: May 20, 2025

5.2

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Exploitability: 0.9 / Impact: 4.2

Source: NVD

Description

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks.

Affected (1)

Products: Sap: Customer Data Cloud

1 product

Customer Data Cloud

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Customer Data Cloud	Version 7.4

Related CWEs

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (4)

https://launchpad.support.sap.com/#/notes/3248970

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3248970

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.