← Back

CVE-2022-41210

nvd nist
Published: Oct 11, 2022Modified: May 20, 2025

JSON object

Loading...
5.2
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Exploitability: 0.9 / Impact: 4.2
Source: NVD

Description

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.

Affected (1)

Sap
1 product
Customer Data Cloud
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Customer Data Cloud
Version 7.4

Related CWEs

CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.