Vulnerabilities > SAP > Fiori Client > 1.11.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-13 | CVE-2018-2491 | Code Injection vulnerability in SAP Fiori Client When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. | 6.8 |
| 2018-11-13 | CVE-2018-2490 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Fiori Client The broadcast messages received by SAP Fiori Client are not protected by permissions. | 6.8 |
| 2018-11-13 | CVE-2018-2489 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Fiori Client Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. | 6.8 |
| 2018-11-13 | CVE-2018-2488 | Unspecified vulnerability in SAP Fiori Client It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. network sap | 6.8 |
| 2018-11-13 | CVE-2018-2485 | Unspecified vulnerability in SAP Fiori Client It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. | 6.4 |