CVE-2018-2449

8.6HIGH

Key Information:

Vendor: SAP
Status: SAP Supplier Relationship Management Master Data Management Catalog
Vendor: CVE Published:; 14 August 2018

Summary

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.

Affected Version(s)

SAP Supplier Relationship Management Master Data Management Catalog 3.73

SAP Supplier Relationship Management Master Data Management Catalog 7.31

SAP Supplier Relationship Management Master Data Management Catalog 7.32

References

http://www.securityfocus.com/bid/105079

vdb-entryx_refsource_BID

https://launchpad.support.sap.com/#/notes/2655250

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2018
Vulnerability Reserved
Dec 15, 2017

.