Vulnerabilities > CVE-2022-41210 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in SAP Customer Data Cloud 7.4

CVSS 5.2 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

low complexity

sap

CWE-338

NVD

Published: 2022-10-11

Updated: 2023-11-07

Summary

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Customer Data Cloud 7.4	1

Common Weakness Enumeration (CWE)

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3248384