SAP Knowledge Base Article - Preview

2547740 - Security concerns regarding Fiori Client


There are some security concerns about using Fiori Client in a corporate environment to access internal resources.
The concerns relate to:

  • Using WebView with JavaScript enabled
  • printStackTrace() function being present in the app
  • Path attribute not being set in the session cookie
  • Application is vulnerable to BEAST attack
  • Application accepts special characters as user input
  • Application is vulnerable to Replay Attack
  • Application works on rooted device



  • Fiori Client 1.x
  • Operating system agnostic


SAP Fiori Client 1.11 for Android; SAP Fiori Client 1.11 for Windows; SAP Fiori Client 1.11 for iOS


Beast Attack; Replay Attack; Fiori Client; security; Android; Windows; Windows Mobile; Apple iOS; iPhone; iPad, KBA, MOB-FC, SAP Fiori Client Native Mobile Application, Problem
