CVE-2018-2362

Опубликовано: 09 янв. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.

Ссылки

http://www.securityfocus.com/bid/102452
Third Party Advisory
VDB Entry
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2575750
Permissions Required
http://www.securityfocus.com/bid/102452
Third Party Advisory
VDB Entry
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2575750
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:hana:1.00:*:*:*:*:*:*:*

cpe:2.3:a:sap:hana:2.00:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.0028

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2p74-62pv-gq92