PT-2018-3415 · Sap · Sap Netweaver As Java

Publicado

2018-12-11

Atualizado

2021-09-09

CVE-2018-2503

CVSS v3.1

7.4

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java versions prior to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

Description: The issue is related to insufficient access restrictions to protected resources in the SAP NetWeaver AS Java keystore service. This is due to authorization errors. Exploitation of the issue could allow a remote attacker to disclose protected information.

Recommendations: For SAP NetWeaver AS Java versions prior to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, update to a version that includes the fix, such as ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

BDU:2020-00804

CVE-2018-2503

Produtos afetados

Sap Netweaver As Java

PT-2018-3415 · Sap · Sap Netweaver As Java

CVE-2018-2503

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7