CVE-2023-27895

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-267
View all →

Vulnerability Description

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful exploitation, an attacker can read some sensitive information but cannot modify and delete the data.

Related Vulnerabilities

CVE-2020-7824

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handl...

CWE-2672020

CVE-2022-38124

MEDIUM
CVSS:6.5(Medium)

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.

CWE-2672022

CVE-2023-2983

MEDIUM
CVSS:6.5(Medium)

Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.

CWE-2672023

CVE-2024-20411

MEDIUM
CVSS:6.7(Medium)

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnera...

CWE-2672024

CVE-2019-14865

MEDIUM
CVSS:5.9(Medium)

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be tr...

CWE-2672019

CVE-2021-40354

HIGH
CVSS:7.1(High)

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All vers...

CWE-2672021