CVE-2018-2361 — Incorrect Authorization in SE SAP Solution Manager

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 39.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Solution Manager SAP Solution Manager

Timeline

PublishedJan 9

Latest updateMay 13

Description

In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsap/solution_manager7.20

▶CVEListV5sap_se/sap_solution_manager7.20

🔴Vulnerability Details

GHSA

GHSA-9pg8-fgjh-8wqr: In SAP Solution Manager 7↗2022-05-13

▶

CVEList

CVE-2018-2361: In SAP Solution Manager 7↗2018-01-09

▶