CVE-2018-2494

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

8.0HIGH

EPSS

0.3%

top 47.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Business Application Software Integrated Solution SAP SAP Basis (abap Platform)SAP SAP Basis (AS Abap OF SAP Netweaver)

Timeline

PublishedDec 11

Latest updateMay 13

Description

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5sap/sap_basis_(abap_platform)= 7.50 to 7.53

▶CVEListV5sap/sap_basis_(as_abap_of_sap_netweaver)4 versions+3

▶NVDsap/business_application_software_integrated_solution7.00 — 7.02+4

🔴Vulnerability Details

GHSA

GHSA-4jg3-767h-m23q: Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver↗2022-05-13

▶

CVEList

CVE-2018-2494: Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver↗2018-12-11

▶