Authentication Bypass in SAP Startup Service Affects Multiple Versions
CVE-2018-2360
7.5HIGH
Summary
The SAP Startup Service in various versions of SAP KERNEL lacks an essential authentication check for functionalities requiring user identity. This oversight can lead to unauthorized users being able to consume file system storage, potentially resulting in resource depletion and disruption of service.
Affected Version(s)
SAP Startup Service 7.45
SAP Startup Service 7.49
SAP Startup Service 7.52
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved