CVE-2018-2398

EUVD-2018-14253
Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
sapCNA
6.7 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
sapbusiness_client
6.5
sapbusiness_client
6.5:patch_level1
sapbusiness_client
6.5:patch_level2
sapbusiness_client
6.5:patch_level3
sapbusiness_client
6.5:patch_level4
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/103370
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
https://launchpad.support.sap.com/#/notes/2580967
http://www.securityfocus.com/bid/103370
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
https://launchpad.support.sap.com/#/notes/2580967