CVE-2018-2448

EUVD-2018-14303
Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
sapsupplier_relationship_management_mdm_catalog
3.0
sapsupplier_relationship_management_mdm_catalog
7.01
sapsupplier_relationship_management_mdm_catalog
7.02
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/105077
https://launchpad.support.sap.com/#/notes/2653846
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
http://www.securityfocus.com/bid/105077
https://launchpad.support.sap.com/#/notes/2653846
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742