CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-2449

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.9%

CVSS Severity

CVSS v3 Score 8.6

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/105079
https://launchpad.support.sap.com/#/notes/2655250
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
http://www.securityfocus.com/bid/105079
https://launchpad.support.sap.com/#/notes/2655250
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

Products affected by CVE-2018-2449

Sap » Supplier Relationship Management Mdm Catalog » Version: 3.73

cpe:2.3:a:sap:supplier_relationship_management_mdm_catalog:3.73
Sap » Supplier Relationship Management Mdm Catalog » Version: 7.31

cpe:2.3:a:sap:supplier_relationship_management_mdm_catalog:7.31
Sap » Supplier Relationship Management Mdm Catalog » Version: 7.32

cpe:2.3:a:sap:supplier_relationship_management_mdm_catalog:7.32

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-2449

Products

Pricing

Contact Us