CVE-2018-2362

Published: Jan 9, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.

Affected (2)

Products: Sap: Hana

Sap

1 product

Hana

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Hana	Version 1.00
Sap Hana	Version 2.00

References (6)

http://www.securityfocus.com/bid/102452

Source: cna@sap.com

Third Party AdvisoryVDB Entry

https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2575750

Source: cna@sap.com

Permissions Required

http://www.securityfocus.com/bid/102452

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2575750

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.