Authentication Bypass in SAP Startup Service Affects Multiple Versions
CVE-2018-2360

7.5HIGH

Key Information:

Vendor

SAP
Status
SAP Startup Service
Vendor
CVE Published:
9 January 2018

What is CVE-2018-2360?

The SAP Startup Service in various versions of SAP KERNEL lacks an essential authentication check for functionalities requiring user identity. This oversight can lead to unauthorized users being able to consume file system storage, potentially resulting in resource depletion and disruption of service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP Startup Service 7.45

SAP Startup Service 7.49

SAP Startup Service 7.52

References

https://launchpad.support.sap.com/#/notes/2523961
x_refsource_CONFIRM
https://blogs.sap.com/2018/01/09/sap-security-patch-day-j...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102448
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.