Authentication Bypass in SAP SRM MDM Catalog by SAP
CVE-2018-2449

8.6HIGH

Key Information:

Vendor: SAP
Status: SAP Supplier Relationship Management Master Data Management Catalog
Vendor: CVE Published:; 14 August 2018

Summary

The import functionality in specific versions of SAP SRM MDM Catalog lacking proper authentication checks for repository users poses a significant threat. This vulnerability allows unauthorized actors to exploit this unauthenticated feature on Windows systems, enabling SMB relaying attacks that could result in unauthorized access to sensitive data and system resources.

Affected Version(s)

SAP Supplier Relationship Management Master Data Management Catalog 3.73

SAP Supplier Relationship Management Master Data Management Catalog 7.31

SAP Supplier Relationship Management Master Data Management Catalog 7.32

References

http://www.securityfocus.com/bid/105079

vdb-entryx_refsource_BID

https://launchpad.support.sap.com/#/notes/2655250

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2018
Vulnerability Reserved
Dec 15, 2017

.