Insecure Temporary File Storage in SAP Mobile SDK Certificate Provider

High
jameszhang-sap published GHSA-r2j9-h6q9-cq8g Jun 8, 2021

Package

No package listed

Affected versions

<=3.0.7

Patched versions

3.0.8

Description

Impact

Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit insecure temporary file storage. Successful exploitation requires interaction from another user and could lead to a complete impact on confidentiality, integrity and availability.

Patches

The issue has been fixed in version 3.0.8 and later.

Severity

High 7.8 / 10

CVSS base metrics

Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE ID

CVE-2021-33669

Weaknesses