CVE-2018-2368

EUVD-2018-14223
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
sapnetweaver_system_landscape_directory
7.10
sapnetweaver_system_landscape_directory
7.20
sapnetweaver_system_landscape_directory
7.30
sapnetweaver_system_landscape_directory
7.31
sapnetweaver_system_landscape_directory
7.40
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103000
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
https://launchpad.support.sap.com/#/notes/2565622
http://www.securityfocus.com/bid/103000
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
https://launchpad.support.sap.com/#/notes/2565622