CVE-2018-2360

Опубликовано: 09 янв. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.

Ссылки

http://www.securityfocus.com/bid/102448
Third Party Advisory
VDB Entry
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2523961
Permissions Required
http://www.securityfocus.com/bid/102448
Third Party Advisory
VDB Entry
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2523961
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:sap:sap_kernel:7.45:*:*:*:*:*:*:*

cpe:2.3:o:sap:sap_kernel:7.49:*:*:*:*:*:*:*

cpe:2.3:o:sap:sap_kernel:7.52:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01672

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-7jrj-4gj5-f734