Vulnerability Details CVE-2017-15293
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://www.securityfocus.com/bid/100713
- https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/
- https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/
- https://erpscan.io/research/hacking-sap-pos/
- http://www.securityfocus.com/bid/100713
- https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/
- https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/
- https://erpscan.io/research/hacking-sap-pos/
Products affected by CVE-2017-15293
-
cpe:2.3:a:sap:point_of_sale_xpress_server:1020
-
cpe:2.3:a:sap:point_of_sale_xpress_server:1030