Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-35290
CVE-2022-35290:
NixOS vulnerability analysis and mitigation
Overview
SAP Authenticator for Android version 1.2.17 and earlier contains an information disclosure vulnerability (CVE-2022-35290) that was disclosed on August 10, 2022. Under certain conditions, the vulnerability allows an attacker to access information which would otherwise be restricted (SecurityWeek).
Technical details
The vulnerability is rated as medium severity and affects the SAP Authenticator application for Android devices. The issue stems from improper access controls that could allow unauthorized access to restricted information (CERT-FR).
Impact
A successful exploitation of this vulnerability could allow an attacker to access sensitive information that should be restricted, potentially compromising the confidentiality of data protected by the authenticator application (SecurityWeek).
Mitigation and workarounds
SAP has addressed this vulnerability by releasing version 1.2.17 of the Authenticator for Android. Users are advised to upgrade to this version or later to mitigate the risk. There are no known workarounds for this vulnerability (SecurityWeek).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management