Vulnerability Details CVE-2018-2448
Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 68.1%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/105077
- https://launchpad.support.sap.com/#/notes/2653846
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
- http://www.securityfocus.com/bid/105077
- https://launchpad.support.sap.com/#/notes/2653846
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
Products affected by CVE-2018-2448
-
cpe:2.3:a:sap:supplier_relationship_management_mdm_catalog:3.0
-
cpe:2.3:a:sap:supplier_relationship_management_mdm_catalog:7.01
-
cpe:2.3:a:sap:supplier_relationship_management_mdm_catalog:7.02