CVE-2018-2481

Опубликовано: 13 нояб. 2018

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.

Ссылки

http://www.securityfocus.com/bid/105906
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2693083
Release Notes
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
Vendor Advisory
http://www.securityfocus.com/bid/105906
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2693083
Release Notes
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:advanced_business_application_programming:*:*:*:*:*:*:*:*

Версия от 7.00 (включая) до 7.02 (включая)

cpe:2.3:a:sap:advanced_business_application_programming:*:*:*:*:*:*:*:*

Версия от 7.10 (включая) до 7.11 (включая)

cpe:2.3:a:sap:advanced_business_application_programming:7.30:*:*:*:*:*:*:*

cpe:2.3:a:sap:advanced_business_application_programming:7.31:*:*:*:*:*:*:*

cpe:2.3:a:sap:advanced_business_application_programming:7.40:*:*:*:*:*:*:*

cpe:2.3:a:sap:advanced_business_application_programming:7.50:*:*:*:*:*:*:*

cpe:2.3:a:sap:advanced_business_application_programming:75c:*:*:*:*:*:*:*

cpe:2.3:a:sap:advanced_business_application_programming:75d:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.0059

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-26pg-vhv9-6fgm