Vulnerability Details CVE-2018-2503
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.1%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 3.3
References
- http://www.securityfocus.com/bid/106156
- https://launchpad.support.sap.com/#/notes/2658279
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
- http://www.securityfocus.com/bid/106156
- https://launchpad.support.sap.com/#/notes/2658279
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
Products affected by CVE-2018-2503
-
cpe:2.3:a:sap:netweaver_application_server_java:7.11
-
cpe:2.3:a:sap:netweaver_application_server_java:7.20
-
cpe:2.3:a:sap:netweaver_application_server_java:7.30
-
cpe:2.3:a:sap:netweaver_application_server_java:7.31
-
cpe:2.3:a:sap:netweaver_application_server_java:7.40
-
cpe:2.3:a:sap:netweaver_application_server_java:7.50