Vulnerability Details CVE-2018-2490
The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2018-2490
-
cpe:2.3:a:sap:fiori_client:1.10.0
-
cpe:2.3:a:sap:fiori_client:1.10.2
-
cpe:2.3:a:sap:fiori_client:1.10.5
-
cpe:2.3:a:sap:fiori_client:1.10.7
-
cpe:2.3:a:sap:fiori_client:1.10.8
-
cpe:2.3:a:sap:fiori_client:1.11.1
-
cpe:2.3:a:sap:fiori_client:1.11.3
-
cpe:2.3:a:sap:fiori_client:1.4
-
cpe:2.3:a:sap:fiori_client:1.5
-
cpe:2.3:a:sap:fiori_client:1.6
-
cpe:2.3:a:sap:fiori_client:1.7
-
cpe:2.3:a:sap:fiori_client:1.8
-
cpe:2.3:a:sap:fiori_client:1.9.2