CVE-2022-41209

CVE-2022-41209

Vendor Sap Se
Product SAP Customer Data Cloud (Gigya)
Weakness CWE-326 · Weak encryption
Published October 11, 2022
Last update May 20, 2025

CVSS base score

What the vulnerability does

01Description

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks.

Key dates

02Disclosure timeline

October 11, 2022 CVE published
May 20, 2025 Record updated