exploitDog

CVE-2018-2373

Опубликовано: 14 фев. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.

Ссылки

https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2589129
Permissions Required
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2589129
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00774

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-w83g-42xc-m82f

CVSS3: 7.5

github

больше 3 лет назад

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.

EPSS

Процентиль: 73%

0.00774

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo