CVE-2018-2503
Summary
| CVE | CVE-2018-2503 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-12-11 22:29:00 UTC |
| Updated | 2021-09-09 17:17:00 UTC |
| Description | By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). |
Risk And Classification
Problem Types: CWE-862
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Netweaver | 7.11 | All | All | All |
| Application | Sap | Netweaver | 7.20 | All | All | All |
| Application | Sap | Netweaver | 7.30 | All | All | All |
| Application | Sap | Netweaver | 7.31 | All | All | All |
| Application | Sap | Netweaver | 7.40 | All | All | All |
| Application | Sap | Netweaver | 7.50 | All | All | All |
| Application | Sap | Netweaver | 7.11 | All | All | All |
| Application | Sap | Netweaver | 7.20 | All | All | All |
| Application | Sap | Netweaver | 7.30 | All | All | All |
| Application | Sap | Netweaver | 7.31 | All | All | All |
| Application | Sap | Netweaver | 7.40 | All | All | All |
| Application | Sap | Netweaver | 7.50 | All | All | All |
| Application | Sap | Netweaver Application Server Java | 7.11 | All | All | All |
| Application | Sap | Netweaver Application Server Java | 7.20 | All | All | All |
| Application | Sap | Netweaver Application Server Java | 7.30 | All | All | All |
| Application | Sap | Netweaver Application Server Java | 7.31 | All | All | All |
| Application | Sap | Netweaver Application Server Java | 7.40 | All | All | All |
| Application | Sap | Netweaver Application Server Java | 7.50 | All | All | All |
| Application | Sap | Netweaver Application Sever Java | 7.11 | All | All | All |
| Application | Sap | Netweaver Application Sever Java | 7.20 | All | All | All |
| Application | Sap | Netweaver Application Sever Java | 7.30 | All | All | All |
| Application | Sap | Netweaver Application Sever Java | 7.31 | All | All | All |
| Application | Sap | Netweaver Application Sever Java | 7.40 | All | All | All |
| Application | Sap | Netweaver Application Sever Java | 7.50 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | Permissions Required, Vendor Advisory |
| SAP Security Patch Day – December 2018 - Product Security Response at SAP - SCN Wiki | MISC | wiki.scn.sap.com | Vendor Advisory |
| SAP NetWeaver CVE-2018-2503 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.