{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41210", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "dateUpdated": "2022-11-08T16:08:08.445Z", "dateReserved": "2022-09-21T00:00:00", "datePublished": "2022-10-11T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Customer Data Cloud (Gigya)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "7.4"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.</p>"}], "value": "SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.\n\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-338", "description": "CWE-338", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2022-11-08T16:08:08.445Z"}, "references": [{"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"url": "https://launchpad.support.sap.com/#/notes/3248384"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:customer_data_cloud:7.4:*:*:*:*:android:*:*", "matchCriteriaId": "1892A616-7928-43CF-BB88-B9E03C2E6755", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.\n\n"}, {"lang": "es", "value": "SAP Customer Data Cloud (Gigya mobile app for Android) - versi\u00f3n 7.4, usa un programa generador de n\u00fameros aleatorios no seguro que facilita al atacante la predicci\u00f3n de futuros n\u00fameros aleatorios. Esto puede conllevar a una divulgaci\u00f3n de informaci\u00f3n y la modificaci\u00f3n de determinadas configuraciones del usuario"}], "id": "CVE-2022-41210", "lastModified": "2023-11-07T03:52:44.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-11T21:15:26.617", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3248384"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-338"}], "source": "cna@sap.com", "type": "Primary"}]}

{}