cnvd - cnvd-2022-88971

cnvd-2022-88971

Vulnerability from cnvd

Title

SAP Customer Data Cloud加密问题漏洞

Description

SAP Customer Data Cloud是德国思爱普（SAP）公司的一个提供数字客户身份和访问管理的工具。使公司能够跨多个接触点和应用程序收集、汇总和管理客户数据。 SAP Customer Data Cloud 7.4版本存在加密问题漏洞，该漏洞源于使用缺乏适当扩散且不能很好地隐藏模式的加密方法，攻击者可利用漏洞获取敏感信息。

Severity

中

Patch Name

SAP Customer Data Cloud加密问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://launchpad.support.sap.com/#/notes/3248970

Reference

https://launchpad.support.sap.com/#/notes/3248970

Impacted products

Name
SAP Customer Data Cloud 7.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-41209",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-41209"
    }
  },
  "description": "SAP Customer Data Cloud\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u63d0\u4f9b\u6570\u5b57\u5ba2\u6237\u8eab\u4efd\u548c\u8bbf\u95ee\u7ba1\u7406\u7684\u5de5\u5177\u3002\u4f7f\u516c\u53f8\u80fd\u591f\u8de8\u591a\u4e2a\u63a5\u89e6\u70b9\u548c\u5e94\u7528\u7a0b\u5e8f\u6536\u96c6\u3001\u6c47\u603b\u548c\u7ba1\u7406\u5ba2\u6237\u6570\u636e\u3002\n\nSAP Customer Data Cloud 7.4\u7248\u672c\u5b58\u5728\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u7f3a\u4e4f\u9002\u5f53\u6269\u6563\u4e14\u4e0d\u80fd\u5f88\u597d\u5730\u9690\u85cf\u6a21\u5f0f\u7684\u52a0\u5bc6\u65b9\u6cd5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://launchpad.support.sap.com/#/notes/3248970",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-88971",
  "openTime": "2022-12-18",
  "patchDescription": "SAP Customer Data Cloud\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u63d0\u4f9b\u6570\u5b57\u5ba2\u6237\u8eab\u4efd\u548c\u8bbf\u95ee\u7ba1\u7406\u7684\u5de5\u5177\u3002\u4f7f\u516c\u53f8\u80fd\u591f\u8de8\u591a\u4e2a\u63a5\u89e6\u70b9\u548c\u5e94\u7528\u7a0b\u5e8f\u6536\u96c6\u3001\u6c47\u603b\u548c\u7ba1\u7406\u5ba2\u6237\u6570\u636e\u3002\r\n\r\nSAP Customer Data Cloud 7.4\u7248\u672c\u5b58\u5728\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u7f3a\u4e4f\u9002\u5f53\u6269\u6563\u4e14\u4e0d\u80fd\u5f88\u597d\u5730\u9690\u85cf\u6a21\u5f0f\u7684\u52a0\u5bc6\u65b9\u6cd5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Customer Data Cloud\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SAP Customer Data Cloud 7.4"
  },
  "referenceLink": "https://launchpad.support.sap.com/#/notes/3248970",
  "serverity": "\u4e2d",
  "submitTime": "2022-10-13",
  "title": "SAP Customer Data Cloud\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2022-41209 (GCVE-0-2022-41209)

Vulnerability from cvelistv5

Published

2022-10-11 00:00

Modified

2025-05-20 15:00

Severity ?

5.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-326

Summary

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks.

References

URL

Tags

	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
	https://launchpad.support.sap.com/#/notes/3248970