PT-2018-15571 · Sap · Sap Srm Mdm Catalog

Published: 2018-08-14 · Updated: 2018-10-11 · CVE-2018-2449

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32

Description

The import feature exposes unauthenticated functionality that fails to perform authentication checks for valid repository users. On Windows machines, this can be exploited to perform SMB relaying.

Recommendations

For SAP SRM MDM Catalog version 3.73, update to a version that includes the fix for this issue.

For SAP SRM MDM Catalog version 7.31, update to a version that includes the fix for this issue.

For SAP SRM MDM Catalog version 7.32, update to a version that includes the fix for this issue.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2018-2449

Affected Products

Sap Srm Mdm Catalog