CVE-2018-2428

Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
sapCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
sapinfrastructure
1.0
sapui
2.0
sapui
7.4
sapui
7.5
sapui
7.51
sapui
7.52
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/104446
https://launchpad.support.sap.com/#/notes/2621121
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255
http://www.securityfocus.com/bid/104446
https://launchpad.support.sap.com/#/notes/2621121
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255