CVE-2018-2403

EPSS 0.23%
Veröffentlicht 10.04.2018 15:29:01
Zuletzt bearbeitet 21.11.2024 04:03:45
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Disclosure Management Version10.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.46

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
cna@sap.com	5.4	2.8	2.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

http://www.securityfocus.com/bid/103727

Third Party Advisory

VDB Entry

https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2595800

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2018-2403

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-2403

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-2403

EUVD