Vulnerability Details : CVE-2018-2403
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.
Products affected by CVE-2018-2403
- cpe:2.3:a:sap:disclosure_management:10.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-2403
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- Percentile: ~36% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-2403
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 | SAP SE | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
References for CVE-2018-2403
- https://launchpad.support.sap.com/#/notes/2595800
  SAP ONE Support Launchpad: Log On (Permissions Required)
- http://www.securityfocus.com/bid/103727
  SAP Disclosure Management Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
  SAP Security Patch Day – April 2018 | SAP Blogs (Vendor Advisory)