CVE-2022-41210

EPSS 0.18%
Published 11.10.2022 21:15:26
Last modified 20.05.2025 14:15:23
Source cna@sap.com
Teams watchlist Login
Open Login

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Customer Data Cloud Version7.4 SwPlatformandroid

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.4

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.2	0.9	4.2	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.2	0.9	4.2	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3248384

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-41210

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41210

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41210

EUVD