CVE-2015-2814

SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/73701
https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/
http://www.securityfocus.com/bid/73701
https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:clinical_task_tracker::::::iphone_os::*
	cpe:2.3:a:sap:emr_unwired::::::iphone_os::*

History

No history.

Information

Published : 2015-04-01 14:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-2814

Mitre link : CVE-2015-2814

CVE.ORG link : CVE-2015-2814

JSON object : View

Products Affected

sap

clinical_task_tracker
emr_unwired

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2015-2814", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-04-01T14:59:12.803", "references": [{"url": "http://www.securityfocus.com/bid/73701", "source": "cve@mitre.org"}, {"url": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/73701", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079."}, {"lang": "es", "value": "SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) y Clinical Task Tracker (com.sap.mobile.healthcare.ctt) no restringe correctamente el acceso, lo que permite a atacantes remotos cambiar las configuraciones backendurl, clientid, ssourl, y infopageurl a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como la nota de seguridad de SAP 2117079."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:clinical_task_tracker:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "0F6F8FF3-8898-4962-88B4-B2211B27384F"}, {"criteria": "cpe:2.3:a:sap:emr_unwired:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "DB7C29AB-1650-484B-9DCA-7A2BE1147B76"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}