CVE-2018-2403

EPSS 0.25%
Published 10.04.2018 15:29:01
Last modified 21.11.2024 04:03:45
Source cna@sap.com
Teams watchlist Login
Open Login

Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.

Affected products Warnungen 0 Metrics 4 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Disclosure Management Version10.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.449

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
cna@sap.com	5.4	2.8	2.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

http://www.securityfocus.com/bid/103727

Third Party Advisory

VDB Entry

https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2595800

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2018-2403

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-2403

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-2403

EUVD