nvd-json-data-feeds/CVE-2021/CVE-2021-404xx/CVE-2021-40498.json

{
  "id": "CVE-2021-40498",
  "sourceIdentifier": "cna@sap.com",
  "published": "2021-10-12T15:15:09.523",
  "lastModified": "2024-11-21T06:24:16.033",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is related to Android implementation methods that are widely used across Android mobile applications, and such methods are embedded into the SAP SuccessFactors mobile application. These Android methods begin executing once the user accesses their profile on the mobile application. While executing, it can also pick up the activities from other Android applications that are running in the background of the users device and are using the same types of methods in the application. Such vulnerability can also lead to phishing attacks that can be used for staging other types of attacks."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SAP SuccessFactors Mobile Application para Android - versiones anteriores a la 2108, que permite a un atacante impedir que los usuarios leg\u00edtimos accedan a un servicio, ya sea al bloquear o inundar el servicio, lo que puede conllevar a una denegaci\u00f3n de servicio. La vulnerabilidad est\u00e1 relacionada con los m\u00e9todos de implementaci\u00f3n de Android que se usan ampliamente en las aplicaciones m\u00f3viles de Android, y dichos m\u00e9todos est\u00e1n insertados en la aplicaci\u00f3n m\u00f3vil de SAP SuccessFactors. Estos m\u00e9todos de Android comienzan a ejecutarse una vez que el usuario accede a su perfil en la aplicaci\u00f3n m\u00f3vil. Mientras se ejecutan, tambi\u00e9n pueden recoger las actividades de otras aplicaciones Android que se est\u00e1n ejecutando en segundo plano en el dispositivo del usuario y que est\u00e1n usando los mismos tipos de m\u00e9todos en la aplicaci\u00f3n. Esta vulnerabilidad tambi\u00e9n puede conllevar a ataques de phishing que pueden ser usados para realizar otros tipos de ataques"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "baseScore": 2.1,
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:successfactors_mobile:*:*:*:*:*:android:*:*",
              "versionEndExcluding": "2108",
              "matchCriteriaId": "A8AD78C4-78CE-4500-A78B-C39ADFD31B30"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://launchpad.support.sap.com/#/notes/3077635",
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ]
    },
    {
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983",
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://launchpad.support.sap.com/#/notes/3077635",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ]
    },
    {
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}