CVE-2018-2373 - Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthe

CVE-2018-2373

Summary

Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0.

References

https://launchpad.support.sap.com/#/notes/2589129
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/

Vulnerable Configurations

cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:hana_extended_application_services:1.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 21-12-2023 - 04:21)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

confirm

https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
https://launchpad.support.sap.com/#/notes/2589129

Last major update

21-12-2023 - 04:21

Published

14-02-2018 - 12:29

Last modified

21-12-2023 - 04:21