CVE-2018-2503 Information

Description

By default the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11 7.20 7.30 7.31 7.40 7.50).

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/106156 https://launchpad.support.sap.com//notes/2658279 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.4