CVE-2018-2503

high

Description

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699

https://launchpad.support.sap.com/#/notes/2658279

http://www.securityfocus.com/bid/106156

Details

Source: Mitre, NVD

Published: 2018-12-11

Updated: 2021-09-09

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Severity: High

Detections

Analytics