CVE-2018-2403

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Disclosure Management
Vendor: CVE Published:; 10 April 2018

Summary

Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.

Affected Version(s)

SAP Disclosure Management 10.1

References

https://launchpad.support.sap.com/#/notes/2595800

x_refsource_MISC

https://blogs.sap.com/2018/04/10/sap-security-patch-day-a...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103727

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2018
Vulnerability Reserved
Dec 15, 2017

.