CVE-2018-2373

EUVD-2018-14228
Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
saphana_extended_application_services
1.0
𝑥
= Vulnerable software versions
References
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
https://launchpad.support.sap.com/#/notes/2589129
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
https://launchpad.support.sap.com/#/notes/2589129