Fiori Client
CVE-2021-33699
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to takeover legitimate apps and to steal user's sensitive information.
AnalysisAI
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unauthorized attacker or malware to takeover legitimate apps and to steal user's sensitive information. Affected products include: Sap Fiori Client.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Fiori Client
View allWhen opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to t
The broadcast messages received by SAP Fiori Client are not protected by permissions. Rated high severity (CVSS 7.8), th
Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client
It is possible for a malware application installed on an Android device to send local push notifications with an empty m
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. Rated high sever
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today