Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Information Disclosure vulnerability in SAP Authenticator for Android
Vulnerability Description
SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
特权定义了不安全动作
Vulnerability Title
SAP Authenticator 安全漏洞
Vulnerability Description
SAP Authenticator是德国思爱普(SAP)公司的一种移动应用程序,可为需要一次性密码验证的系统生成密码。 SAP Authenticator 1.3.0版本存在安全漏洞,该漏洞源于允许授权攻击者在移动设备上安装恶意应用程序进行捕获屏幕,攻击者利用该漏洞可以读取敏感信息据。
CVSS Information
N/A
Vulnerability Type
N/A