SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In setMasterMute of AudioService.java, there is a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.