CVE-2018-2403

{"id": "CVE-2018-2403", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2018-04-10T15:29:01.190", "references": [{"url": "http://www.securityfocus.com/bid/103727", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@sap.com"}, {"url": "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2595800", "tags": ["Permissions Required"], "source": "cna@sap.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to."}, {"lang": "es", "value": "En ciertas condiciones, SAP Disclosure Management 10.1 permite que un atacante acceda a informaci\u00f3n que normalmente estar\u00eda restringida. Es posible para un usuario autorizado hacer que SAP Disclosure Management se\u00f1ale un tipo de cap\u00edtulo en concreto en un cap\u00edtulo al cual el usuario no tiene permiso de acceso."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:disclosure_management:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53067DD8-3718-46AE-AA69-2065C07F5EEF"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}