CVE-2018-2413

CWE-862Missing Authorization4 documents4 sources
Severity
8.8HIGH
EPSS
0.4%
top 39.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Disclosure ManagementSAP Disclosure Management
Timeline
PublishedApr 10
Latest updateMay 13

Description

SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-276r-h3mp-5fgr: SAP Disclosure Management 102022-05-13
CVEList
CVE-2018-2413: SAP Disclosure Management 102018-04-10

💬Community

1
Bugzilla
CVE-2018-10899 jolokia: system-wide CSRF that could lead to Remote Code Execution2018-07-13
CVE-2018-2413 (HIGH CVSS 8.8) | SAP Disclosure Management 10.1 does | cvebase.io