CVE-2018-2362 - A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP request

CVE-2018-2362

Summary

A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.

References

http://www.securityfocus.com/bid/102452
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
https://launchpad.support.sap.com/#/notes/2575750

Vulnerable Configurations

cpe:2.3:a:sap:hana:1.00:*:*:*:*:*:*:*
cpe:2.3:a:sap:hana:1.00:*:*:*:*:*:*:*
cpe:2.3:a:sap:hana:2.00:*:*:*:*:*:*:*
cpe:2.3:a:sap:hana:2.00:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	102452
confirm	https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ https://launchpad.support.sap.com/#/notes/2575750

Last major update

24-08-2020 - 17:37

Published

09-01-2018 - 15:29

Last modified

24-08-2020 - 17:37