CVE-2018-2503

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).

CVSS v3 7.4 HIGH
CVSS v2.0 3.3 LOW

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/106156	Third Party Advisory VDB Entry
https://launchpad.support.sap.com/#/notes/2658279	Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:netweaver_application_server_java:7.11:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.20:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.30:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.31:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.40:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:7.50:::::::*

History

09 Sep 2021, 17:17

Type	Values Removed	Values Added
CPE	cpe:2.3:a:sap:netweaver_application_sever_java:7.31:::::::* cpe:2.3:a:sap:netweaver_application_sever_java:7.50:::::::* cpe:2.3:a:sap:netweaver_application_sever_java:7.40:::::::* cpe:2.3:a:sap:netweaver_application_sever_java:7.11:::::::* cpe:2.3:a:sap:netweaver_application_sever_java:7.20:::::::* cpe:2.3:a:sap:netweaver_application_sever_java:7.30:::::::*	cpe:2.3:a:sap:netweaver_application_server_java:7.50:::::::* cpe:2.3:a:sap:netweaver_application_server_java:7.30:::::::* cpe:2.3:a:sap:netweaver_application_server_java:7.11:::::::* cpe:2.3:a:sap:netweaver_application_server_java:7.40:::::::* cpe:2.3:a:sap:netweaver_application_server_java:7.20:::::::* cpe:2.3:a:sap:netweaver_application_server_java:7.31:::::::*

20 Apr 2021, 19:13

Type	Values Removed	Values Added
CPE	cpe:2.3:a:sap:netweaver:7.11:::::::* cpe:2.3:a:sap:netweaver:7.31:::::::* cpe:2.3:a:sap:netweaver:7.50:::::::* cpe:2.3:a:sap:netweaver:7.30:::::::* cpe:2.3:a:sap:netweaver:7.20:::::::* cpe:2.3:a:sap:netweaver:7.40:::::::*	cpe:2.3:a:sap:netweaver_application_sever_java:7.31:::::::* cpe:2.3:a:sap:netweaver_application_sever_java:7.40:::::::* cpe:2.3:a:sap:netweaver_application_sever_java:7.11:::::::* cpe:2.3:a:sap:netweaver_application_sever_java:7.30:::::::* cpe:2.3:a:sap:netweaver_application_sever_java:7.20:::::::* cpe:2.3:a:sap:netweaver_application_sever_java:7.50:::::::*

Information

Published : 2018-12-11 22:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-2503

Mitre link : CVE-2018-2503

CVE.ORG link : CVE-2018-2503

JSON object : View

Products Affected

sap

netweaver_application_server_java

CWE

CWE-862

Missing Authorization

7.4 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-2503

7.4^/10

3.3^/10

Attach tags to `CVE-2018-2503`