Fiori Client
Monthly
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The broadcast messages received by SAP Fiori Client are not protected by permissions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The broadcast messages received by SAP Fiori Client are not protected by permissions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.