CVE-2018-2360

Published: Jan 9, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.

Affected (3)

Products: Sap: Sap Kernel

Sap

1 product

Sap Kernel

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Sap Sap Kernel	Version 7.45
Sap Sap Kernel	Version 7.49
Sap Sap Kernel	Version 7.52

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

http://www.securityfocus.com/bid/102448

Source: cna@sap.com

Third Party AdvisoryVDB Entry

https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2523961

Source: cna@sap.com

Permissions Required

http://www.securityfocus.com/bid/102448

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2523961

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.