CVE-2018-2403 — Improper Authentication in SE SAP Disclosure Management

CWE-287 — Improper Authentication4 documents4 sources

Severity

6.5MEDIUMNVD

CNA5.4GHSA9.8

EPSS

0.2%

top 53.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Disclosure Management SAP Disclosure Management

Timeline

PublishedApr 10

Latest updateMay 14

Description

Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDsap/disclosure_management10.1

▶CVEListV5sap_se/sap_disclosure_management10.1

🔴Vulnerability Details

GHSA

Symfony Authentication Bypass↗2022-05-14

▶

GHSA

GHSA-f456-7m27-wjmp: Under certain conditions, SAP Disclosure Management 10↗2022-05-13

▶

CVEList

CVE-2018-2403: Under certain conditions, SAP Disclosure Management 10↗2018-04-10

▶