CVE-2018-2503Missing Authorization in SAP Netweaver AS Java

CWE-862Missing Authorization3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.2%
top 59.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Netweaver AS JavaSAP Netweaver Application Server Java
Timeline
PublishedDec 11
Latest updateMay 13

Description

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

CVEListV5sap/sap_netweaver_as_java6 versions+5
NVDsap/netweaver_application6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-jcw2-j9rw-pcgc: By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected2022-05-13
CVEList
CVE-2018-2503: By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected2018-12-11
CVE-2018-2503 — Missing Authorization in SAP | cvebase