CVE-2018-2368
CRITICALSAP NetWeaver System Landscape Directory LM-CORE 7.10-7.40 - Missing Authentication for Critical Function
Title source: llmDescription
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
References (3)
Core 3
Core References
Permissions Required x_refsource_confirm
https://launchpad.support.sap.com/#/notes/2565622
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103000
Vendor Advisory x_refsource_confirm
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
Scores
CVSS v3
9.8
EPSS
0.0224
EPSS Percentile
84.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (5)
sap/netweaver_system_landscape_directory
7.10
sap/netweaver_system_landscape_directory
7.20
sap/netweaver_system_landscape_directory
7.30
sap/netweaver_system_landscape_directory
7.31
sap/netweaver_system_landscape_directory
7.40
Published
Mar 01, 2018
Tracked Since
Feb 18, 2026