CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-2491

When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.8%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 6.8

References

Products affected by CVE-2018-2491

Sap » Fiori Client » Version: 1.10.0

cpe:2.3:a:sap:fiori_client:1.10.0
Sap » Fiori Client » Version: 1.10.2

cpe:2.3:a:sap:fiori_client:1.10.2
Sap » Fiori Client » Version: 1.10.5

cpe:2.3:a:sap:fiori_client:1.10.5
Sap » Fiori Client » Version: 1.10.7

cpe:2.3:a:sap:fiori_client:1.10.7
Sap » Fiori Client » Version: 1.10.8

cpe:2.3:a:sap:fiori_client:1.10.8
Sap » Fiori Client » Version: 1.11.1

cpe:2.3:a:sap:fiori_client:1.11.1
Sap » Fiori Client » Version: 1.11.3

cpe:2.3:a:sap:fiori_client:1.11.3
Sap » Fiori Client » Version: 1.4

cpe:2.3:a:sap:fiori_client:1.4
Sap » Fiori Client » Version: 1.5

cpe:2.3:a:sap:fiori_client:1.5
Sap » Fiori Client » Version: 1.6

cpe:2.3:a:sap:fiori_client:1.6
Sap » Fiori Client » Version: 1.7

cpe:2.3:a:sap:fiori_client:1.7
Sap » Fiori Client » Version: 1.8

cpe:2.3:a:sap:fiori_client:1.8
Sap » Fiori Client » Version: 1.9.2

cpe:2.3:a:sap:fiori_client:1.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-2491

Products

Pricing

Contact Us