CVE-2018-2481 — Improper Privilege Management in SAP Advanced Business Application Programming

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.5%

top 34.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Advanced Business Application Programming SAP ABA

Timeline

PublishedNov 13

Latest updateMay 13

Description

In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDsap/advanced_business_application_programming7.00 — 7.02+7

▶CVEListV5sap/sap_aba8 versions+7

🔴Vulnerability Details

GHSA

GHSA-26pg-vhv9-6fgm: In some SAP standard roles, in SAP_ABA versions, 7↗2022-05-13

▶

CVEList

CVE-2018-2481: In some SAP standard roles, in SAP_ABA versions, 7↗2018-11-13

▶