cnvd - cnvd-2022-88970

cnvd-2022-88970

Vulnerability from cnvd

Title

SAP Customer Data Cloud安全特征问题漏洞

Description

SAP Customer Data Cloud是德国思爱普（SAP）公司的一个提供数字客户身份和访问管理的工具。使公司能够跨多个接触点和应用程序收集、汇总和管理客户数据。 SAP Customer Data Cloud 7.4版本存在安全特征问题漏洞，该漏洞源于使用不安全的随机数生成器程序，攻击者可利用漏洞轻松预测未来的随机数，导致信息泄露和某些用户设置的修改。

Severity

中

Patch Name

SAP Customer Data Cloud安全特征问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://launchpad.support.sap.com/#/notes/3248384

Reference

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Impacted products

Name
SAP Customer Data Cloud 7.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-41210",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-41210"
    }
  },
  "description": "SAP Customer Data Cloud\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u63d0\u4f9b\u6570\u5b57\u5ba2\u6237\u8eab\u4efd\u548c\u8bbf\u95ee\u7ba1\u7406\u7684\u5de5\u5177\u3002\u4f7f\u516c\u53f8\u80fd\u591f\u8de8\u591a\u4e2a\u63a5\u89e6\u70b9\u548c\u5e94\u7528\u7a0b\u5e8f\u6536\u96c6\u3001\u6c47\u603b\u548c\u7ba1\u7406\u5ba2\u6237\u6570\u636e\u3002\n\nSAP Customer Data Cloud 7.4\u7248\u672c\u5b58\u5728\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u4e0d\u5b89\u5168\u7684\u968f\u673a\u6570\u751f\u6210\u5668\u7a0b\u5e8f\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8f7b\u677e\u9884\u6d4b\u672a\u6765\u7684\u968f\u673a\u6570\uff0c\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u548c\u67d0\u4e9b\u7528\u6237\u8bbe\u7f6e\u7684\u4fee\u6539\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://launchpad.support.sap.com/#/notes/3248384",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-88970",
  "openTime": "2022-12-18",
  "patchDescription": "SAP Customer Data Cloud\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u63d0\u4f9b\u6570\u5b57\u5ba2\u6237\u8eab\u4efd\u548c\u8bbf\u95ee\u7ba1\u7406\u7684\u5de5\u5177\u3002\u4f7f\u516c\u53f8\u80fd\u591f\u8de8\u591a\u4e2a\u63a5\u89e6\u70b9\u548c\u5e94\u7528\u7a0b\u5e8f\u6536\u96c6\u3001\u6c47\u603b\u548c\u7ba1\u7406\u5ba2\u6237\u6570\u636e\u3002\r\n\r\nSAP Customer Data Cloud 7.4\u7248\u672c\u5b58\u5728\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u4e0d\u5b89\u5168\u7684\u968f\u673a\u6570\u751f\u6210\u5668\u7a0b\u5e8f\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8f7b\u677e\u9884\u6d4b\u672a\u6765\u7684\u968f\u673a\u6570\uff0c\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u548c\u67d0\u4e9b\u7528\u6237\u8bbe\u7f6e\u7684\u4fee\u6539\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Customer Data Cloud\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SAP Customer Data Cloud 7.4"
  },
  "referenceLink": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
  "serverity": "\u4e2d",
  "submitTime": "2022-10-13",
  "title": "SAP Customer Data Cloud\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2022-41210 (GCVE-0-2022-41210)

Vulnerability from cvelistv5

Published

2022-10-11 00:00

Modified

2025-05-20 13:46

Severity ?

5.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-338

Summary

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.

References

URL

Tags

	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
	https://launchpad.support.sap.com/#/notes/3248384