Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impact of confidentiality integrity and availability.
References
Link | Resource |
---|---|
https://github.com/SAP/mobilesdk-certificateprovider/security/advisories/GHSA-r2j9-h6q9-cq8g | Patch Third Party Advisory |
Configurations
Information
Published : 2021-06-09 07:15
Updated : 2022-05-03 09:04
NVD link : CVE-2021-33669
Mitre link : CVE-2021-33669
JSON object : View
CWE
CWE-668
Exposure of Resource to Wrong Sphere
Products Affected
sap
- mobile_sdk_certificate_provider