Insufficient Resource Protection in SAP NetWeaver AS Java
CVE-2018-2503

7.4HIGH

Key Information:

Vendor

SAP
Status
SAP Netweaver As Java (servercore)
Vendor
CVE Published:
11 December 2018

What is CVE-2018-2503?

The SAP NetWeaver AS Java keystore service presents a vulnerability that allows insufficient restriction of access to protected resources. This flaw may lead to unauthorized access, which could compromise sensitive information and overall system security. The issue has been addressed in the latest versions of SAP NetWeaver AS Java, where access control measures have been strengthened to mitigate potential exploitation.

Affected Version(s)

SAP NetWeaver AS Java (ServerCore) = 7.11 = 7.11

SAP NetWeaver AS Java (ServerCore) = 7.20 = 7.20

SAP NetWeaver AS Java (ServerCore) = 7.30 = 7.30

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
http://www.securityfocus.com/bid/106156
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2658279
x_refsource_MISC

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.