Vulnerability Details : CVE-2018-2441
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.
Products affected by CVE-2018-2441
- cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_kernel:7.73:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_kernel:7.53:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-2441
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-2441
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
8.0
|
4.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
1.2
|
4.2
|
NIST |
References for CVE-2018-2441
-
http://www.securityfocus.com/bid/105090
SAP Kernel and Change and Transport System CVE-2018-2441 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
SAP Security Patch Day – August 2018 - Product Security Response at SAP - SCN WikiVendor Advisory
-
https://launchpad.support.sap.com/#/notes/2671160
SAP ONE Support Launchpad: Log OnPermissions Required;Vendor Advisory
Jump to