CVE-2018-2412

CWE-862Missing Authorization3 documents3 sources
Severity
8.8HIGH
EPSS
0.4%
top 38.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Disclosure ManagementSAP Disclosure Management
Timeline
PublishedApr 10
Latest updateMay 13

Description

SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:LExploitability: 1.2 | Impact: 2.5

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-465j-4h4j-7h9h: SAP Disclosure Management 102022-05-13
CVEList
CVE-2018-2412: SAP Disclosure Management 102018-04-10
CVE-2018-2412 (HIGH CVSS 8.8) | SAP Disclosure Management 10.1 does | cvebase.io