SAP Kernel and Change and Transport System CVE-2018-2441 Security Bypass Vulnerability

Bugtraq ID:	105090
Class:	Access Validation Error
CVE:	CVE-2018-2441
Remote:	Yes
Local:	No
Published:	Aug 14 2018 12:00AM
Updated:	Dec 11 2018 07:00PM
Credit:	The vendor reported this issue.
Vulnerable:	SAP KERNEL32NUC 7.22 SAP KERNEL32NUC 7.21EXT SAP KERNEL32NUC 7.21 SAP Kernel 7.74 SAP Kernel 7.73 SAP Kernel 7.53 SAP Kernel 7.49 SAP Kernel 7.45 SAP Kernel 7.22 SAP Kernel 7.21 SAP Kernel 64 NUC SAP Kernel 32 Unicode SAP Kernel 32 NUC SAP ABAP Change and Transport System 0
Not Vulnerable:

SAP Kernel and Change and Transport System CVE-2018-2441 Security Bypass Vulnerability

SAP Kernel and Change and Transport System are prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

SAP Kernel and Change and Transport System CVE-2018-2441 Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

SAP Kernel and Change and Transport System CVE-2018-2441 Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

SAP Kernel and Change and Transport System CVE-2018-2441 Security Bypass Vulnerability

References:

• SAP Homepage (SAP)
  
• SAP Security Note 2671160 (SAP)
  
• SAP Security Patch Day �?? August 2018 (SAP)
  
• SAP Security Patch Day �?? December 2018 (SAP)