CVE-2018-2503

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
sapnetweaver_application_server_java
7.11
sapnetweaver_application_server_java
7.20
sapnetweaver_application_server_java
7.30
sapnetweaver_application_server_java
7.31
sapnetweaver_application_server_java
7.40
sapnetweaver_application_server_java
7.50
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106156
https://launchpad.support.sap.com/#/notes/2658279
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
http://www.securityfocus.com/bid/106156
https://launchpad.support.sap.com/#/notes/2658279
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699