CVE-2017-15295

Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Common Weakness Enumeration
References
https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/
https://erpscan.io/advisories/erpscan-17-033-sap-pos-missing-authentication-xpressserver/
https://erpscan.io/research/hacking-sap-pos/
https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/
https://erpscan.io/advisories/erpscan-17-033-sap-pos-missing-authentication-xpressserver/
https://erpscan.io/research/hacking-sap-pos/