Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103727 | Third Party Advisory VDB Entry |
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/ | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2595800 | Permissions Required |
http://www.securityfocus.com/bid/103727 | Third Party Advisory VDB Entry |
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/ | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2595800 | Permissions Required |
Configurations
History
21 Nov 2024, 04:03
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 5.4 |
References | () http://www.securityfocus.com/bid/103727 - Third Party Advisory, VDB Entry | |
References | () https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/ - Vendor Advisory | |
References | () https://launchpad.support.sap.com/#/notes/2595800 - Permissions Required |
Information
Published : 2018-04-10 15:29
Updated : 2024-11-21 04:03
NVD link : CVE-2018-2403
Mitre link : CVE-2018-2403
CVE.ORG link : CVE-2018-2403
JSON object : View
Products Affected
sap
- disclosure_management
CWE