CVE-2018-2398

Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
sapCNA
6.7 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
sapbusiness_client
6.5
sapbusiness_client
6.5:patch_level1
sapbusiness_client
6.5:patch_level2
sapbusiness_client
6.5:patch_level3
sapbusiness_client
6.5:patch_level4
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/103370
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
https://launchpad.support.sap.com/#/notes/2580967
http://www.securityfocus.com/bid/103370
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
https://launchpad.support.sap.com/#/notes/2580967