{"api_version":"1","generated_at":"2026-05-15T09:16:13+00:00","cve":"CVE-2018-2489","urls":{"html":"https://cve.report/CVE-2018-2489","api":"https://cve.report/api/cve/CVE-2018-2489.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-2489","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-2489"},"summary":{"title":"CVE-2018-2489","description":"Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.","state":"PUBLIC","assigner":"cna@sap.com","published_at":"2018-11-13 20:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-732"],"metrics":[],"references":[{"url":"https://launchpad.support.sap.com/#/notes/2691126","name":"https://launchpad.support.sap.com/#/notes/2691126","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832","name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832","refsource":"MISC","tags":["Vendor Advisory"],"title":"SAP Security Patch Day – November 2018 - Product Security Response at SAP - SCN Wiki","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-2489","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2489","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"2489","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"fiori_client","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"2489","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"fiori_client","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cna@sap.com","ID":"CVE-2018-2489","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"SAP Fiori Client","version":{"version_data":[{"version_name":"<","version_value":"1.11.5"}]}}]},"vendor_name":"SAP"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Missing Authorization Check"}]}]},"references":{"reference_data":[{"name":"https://launchpad.support.sap.com/#/notes/2691126","refsource":"MISC","url":"https://launchpad.support.sap.com/#/notes/2691126"},{"name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832","refsource":"MISC","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2018-11-13 20:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-732"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:fiori_client:*:*:*:*:*:*:*:*","versionEndExcluding":"1.11.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"2489","Ordinal":"118044","Title":"CVE-2018-2489","CVE":"CVE-2018-2489","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"2489","Ordinal":"1","NoteData":"Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"2489","Ordinal":"2","NoteData":"2018-11-13","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"2489","Ordinal":"3","NoteData":"2018-11-13","Type":"Other","Title":"Modified"}]}}}