Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Filtered by product Supplier Relationship Management Mdm Catalog
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-2449 1 Sap 1 Supplier Relationship Management Mdm Catalog 2024-11-21 7.5 HIGH 8.6 HIGH
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.
CVE-2018-2448 1 Sap 1 Supplier Relationship Management Mdm Catalog 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted.