CVE-2018-2360

CWE-306Missing Authentication4 documents4 sources
Severity
7.5HIGH
EPSS
1.7%
top 17.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Startup ServiceSAP SAP Kernel
Timeline
PublishedJan 9
Latest updateMay 14

Description

SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5sap_se/sap_startup_service7.45, 7.49, 7.52+2
NVDsap/sap_kernel7.45, 7.49, 7.52+2

🔴Vulnerability Details

2
GHSA
GHSA-7jrj-4gj5-f734: SAP Startup Service, SAP KERNEL 72022-05-14
CVEList
CVE-2018-2360: SAP Startup Service, SAP KERNEL 72018-01-09

💥Exploits & PoCs

1
Exploit-DB
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure2019-02-11
CVE-2018-2360 (HIGH CVSS 7.5) | SAP Startup Service | cvebase.io