CVE-2023-27895
6.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Summary
SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP | Authenticator for Android | 1.3.0 | affected |
Weaknesses
- CWE-267: CWE-267: Privilege Defined with Unsafe Actions
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/3302710
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://launchpad.support.sap.com/#/notes/3302710
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.