ByteOS Network

NVD Vulnerability Details :

CVE-2015-2814

Modified

Source-cve@mitre.org

Published At-01 Apr, 2015 | 14:59

Updated At-06 May, 2026 | 22:30

SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.4

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:P/A:P

CPE Matches

SAP SE

>>clinical_task_tracker>>*

cpe:2.3:a:sap:clinical_task_tracker:*:*:*:*:*:iphone_os:*:*

SAP SE

>>emr_unwired>>*

cpe:2.3:a:sap:emr_unwired:*:*:*:*:*:iphone_os:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/73701	cve@mitre.org	N/A
https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/	cve@mitre.org	N/A
http://www.securityfocus.com/bid/73701	af854a3a-2127-422b-91ae-364da2661108	N/A
https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/	af854a3a-2127-422b-91ae-364da2661108	N/A