PT-2018-3415 · Sap · Sap Netweaver As Java

Published

2018-12-11

Updated

2021-09-09

CVE-2018-2503

CVSS v3.1

7.4

High

Vector

AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java versions prior to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

Description: The issue is related to insufficient access restrictions to protected resources in the SAP NetWeaver AS Java keystore service. This is due to authorization errors. Exploitation of the issue could allow a remote attacker to disclose protected information.

Recommendations: For SAP NetWeaver AS Java versions prior to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, update to a version that includes the fix, such as ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

BDU:2020-00804

CVE-2018-2503

Affected Products

Sap Netweaver As Java

PT-2018-3415 · Sap · Sap Netweaver As Java

CVE-2018-2503

Weakness Enumeration

Related Identifiers

Affected Products

References · 7