CVE-2018-2459
First published: Tue Sep 11 2018(Updated: )
Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Mobile Platform | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP Mobile Platform vulnerability?
The vulnerability ID for this SAP Mobile Platform vulnerability is CVE-2018-2459.
Which version of SAP Mobile Platform is affected by this vulnerability?
SAP Mobile Platform version 3.0 is affected by this vulnerability.
What is the severity of CVE-2018-2459?
CVE-2018-2459 has a severity score of 7.5 (High).
What is the impact of this vulnerability?
The impact of this vulnerability is that users of SAP Mobile Platform offline OData applications may receive data values of a different user.
Are there any known solutions or mitigations for this vulnerability?
Yes, SAP has released a note with a patch and additional recommendations to mitigate this vulnerability. Please refer to the SAP Launchpad for more details.
- collector/nvd-index
- agent/tags
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- vendor/sap
- canonical/sap mobile platform
- version/sap mobile platform/3.0