CVE-2015-2814
SAP Clinical Task Tracker and EMR Unwired - Unauthenticated Backend URL Manipulation
Title source: llmDescription
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-15-002-sap-mobile-healthcare-emr-v2-unauthorized-access/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73701
Scores
EPSS
0.0046
EPSS Percentile
64.3%
Details
CWE
CWE-264
Status
published
Products (2)
sap/clinical_task_tracker
sap/emr_unwired
Published
Apr 01, 2015
Tracked Since
Feb 18, 2026