Vulnerability Details CVE-2018-2481
In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/bid/105906
- https://launchpad.support.sap.com/#/notes/2693083
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
- http://www.securityfocus.com/bid/105906
- https://launchpad.support.sap.com/#/notes/2693083
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
Products affected by CVE-2018-2481
-
cpe:2.3:a:sap:advanced_business_application_programming:7.00
-
cpe:2.3:a:sap:advanced_business_application_programming:7.02
-
cpe:2.3:a:sap:advanced_business_application_programming:7.10
-
cpe:2.3:a:sap:advanced_business_application_programming:7.11
-
cpe:2.3:a:sap:advanced_business_application_programming:7.30
-
cpe:2.3:a:sap:advanced_business_application_programming:7.31
-
cpe:2.3:a:sap:advanced_business_application_programming:7.40
-
cpe:2.3:a:sap:advanced_business_application_programming:7.50
-
cpe:2.3:a:sap:advanced_business_application_programming:75c
-
cpe:2.3:a:sap:advanced_business_application_programming:75d