Information Disclosure Vulnerability in SAP UI5 Handler Affecting SAP Products
CVE-2018-2428

5.3MEDIUM

Key Information:

Vendor
SAP
Status
SAP Infrastructure
SAP Ui
SAP Ui For SAP Netweaver 7.00
Vendor
CVE Published:
12 June 2018

Summary

The SAP UI5 Handler vulnerability could allow attackers to gain unauthorized access to sensitive information that is otherwise restricted. This situation may arise under certain conditions, potentially exposing the program's users to data leaks. Affected versions include SAP Infrastructure 1.0 and several iterations of SAP UI, specifically 7.4 through 7.52, as well as SAP UI for SAP NetWeaver 7.00 version 2.0. It is essential for users and administrators of these products to implement necessary measures to secure their systems against potential exploitation.

Affected Version(s)

SAP Infrastructure 1.0

SAP UI 7.4

SAP UI 7.5

References

https://launchpad.support.sap.com/#/notes/2621121
x_refsource_MISC
http://www.securityfocus.com/bid/104446
vdb-entryx_refsource_BID
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.