5.2
CVE-2022-41210
- EPSS 0.18%
- Veröffentlicht 11.10.2022 21:15:26
- Zuletzt bearbeitet 20.05.2025 14:15:23
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Customer Data Cloud Version7.4 SwPlatformandroid
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.4 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.2 | 0.9 | 4.2 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.2 | 0.9 | 4.2 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.