admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 09:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2018/CVE-2018-2485.md

19 lines
934 B
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2018-2485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2485)
![](https://img.shields.io/static/v1?label=Product&message=SAP%20Fiori%20Client&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C1.11.5%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Code%20Injection&color=brighgreen)
### Description
It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.
### POC
#### Reference
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink