CVE-2018-2503 - By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to

CVE-2018-2503

Summary

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).

References

Vulnerable Configurations

cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*

CVSS

Base:	3.3 (as of 09-09-2021 - 17:17)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:A/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	106156
misc	https://launchpad.support.sap.com/#/notes/2658279 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699

Last major update

09-09-2021 - 17:17

Published

11-12-2018 - 22:29

Last modified

09-09-2021 - 17:17