CVE-2018-2503

7.4HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver As Java (servercore)
Vendor: CVE Published:; 11 December 2018

Summary

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).

Affected Version(s)

SAP NetWeaver AS Java (ServerCore) = 7.11 = 7.11

SAP NetWeaver AS Java (ServerCore) = 7.20 = 7.20

SAP NetWeaver AS Java (ServerCore) = 7.30 = 7.30

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

http://www.securityfocus.com/bid/106156

vdb-entryx_refsource_BID

https://launchpad.support.sap.com/#/notes/2658279

x_refsource_MISC

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 11, 2018
Vulnerability Reserved
Dec 15, 2017