CVE-2018-2457 : Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows so

Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted.

Published 2018-09-11 15:29:01

Updated 2020-08-24 17:37:01

Source SAP SE

View at NVD, CVE.org

Products affected by CVE-2018-2457

SAP » Adaptive Server Enterprise » Version: 16.0
cpe:2.3:a:sap:adaptive_server_enterprise:16.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-2457

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 47 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-2457

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2018-2457

https://launchpad.support.sap.com/#/notes/2679788

SAP ONE Support Launchpad: Log On
Permissions Required;Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993

SAP Security Patch Day – September 2018 - Product Security Response at SAP - SCN Wiki
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-2457

Products affected by CVE-2018-2457

Exploit prediction scoring system (EPSS) score for CVE-2018-2457

CVSS scores for CVE-2018-2457

References for CVE-2018-2457