CVE-2018-2373

5 documents4 sources

Severity

7.5HIGH

EPSS

0.8%

top 26.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Hana Extended Application Services SAP Hana Extended Application Services

Timeline

PublishedFeb 14

Latest updateMay 13

Description

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDsap/hana_extended_application_services1.0

▶CVEListV5sap_se/sap_hana_extended_application_services1.0

🔴Vulnerability Details

GHSA

GHSA-w83g-42xc-m82f: Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deli↗2022-05-13

▶

CVEList

CVE-2018-2373: Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deli↗2018-02-14

▶

💬Community

Bugzilla

CVE-2018-10869 redhat-certification: /download allows to download any file↗2018-06-21

▶

Bugzilla

CVE-2018-10864 redhat-certification: resource consumption in DocumentBase:loadFiltered↗2018-06-21

▶