CVE-2018-2425

Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
sapCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
sapbusiness_one
9.2
sapbusiness_one
9.3
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/104438
https://launchpad.support.sap.com/#/notes/2588475
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255
http://www.securityfocus.com/bid/104438
https://launchpad.support.sap.com/#/notes/2588475
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255