CVE-2018-2481 Information

Description

In some SAP standard roles in SAP_ABA versions 7.00 to 7.02 7.10 to 7.11 7.30 7.31 7.40 7.50 75C to 75D a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/105906 https://launchpad.support.sap.com//notes/2693083 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.2