CVE-2015-2814
First published: Wed Apr 01 2015(Updated: )
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Clinical Task Tracker | ||
| Sap Emr Unwired |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-2814?
CVE-2015-2814 is classified as a high severity vulnerability due to the potential unauthorized access it allows to critical configurations.
How do I fix CVE-2015-2814?
To fix CVE-2015-2814, apply the patches provided in SAP Security Note 2117079 to restrict unauthorized access.
Which SAP products are affected by CVE-2015-2814?
CVE-2015-2814 affects SAP EMR Unwired and Clinical Task Tracker on iPhone OS.
What type of access does CVE-2015-2814 allow for attackers?
CVE-2015-2814 allows remote attackers to change critical backend and configuration settings.
Can CVE-2015-2814 be exploited remotely?
Yes, CVE-2015-2814 can be exploited remotely without the need for local access.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- vendor/sap
- canonical/sap clinical task tracker
- canonical/sap emr unwired