Information Disclosure in SAP Identity Management 8.0 by SAP
CVE-2018-2417

5.3MEDIUM

Key Information:

Vendor
SAP
Status
SAP Identity Management
Vendor
CVE Published:
9 May 2018

Summary

The SAP Identity Management 8.0 has a vulnerability that, under specific conditions, allows an unauthorized attacker to access restricted information through a pass of type ToASCII. This weakness could lead to the exposure of sensitive data, highlighting the importance of applying security patches and reviewing access controls to protect against potential attacks.

Affected Version(s)

SAP Identity Management 8.0

References

https://blogs.sap.com/2018/05/08/sap-security-patch-day-m...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104112
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2601492
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.