CVE-2018-2403
Summary
| CVE | CVE-2018-2403 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-04-10 15:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific chapter type to a chapter the user has not been given access to. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Disclosure Management | 10.1 | All | All | All |
| Application | Sap | Disclosure Management | 10.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | Permissions Required |
| SAP Disclosure Management Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| SAP Security Patch Day – April 2018 | SAP Blogs | CONFIRM | blogs.sap.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.