CVE-2018-2441

MEDIUM

SAP Kernel 7.21-7.22, 7.21EXT-7.22EXT, 7.45, 7.49, 7.53, 7.73 - Information Disclosure in Change and Transport System

Title source: llm

Description

Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105090

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/2671160

Vendor Advisory x_refsource_confirm

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

Scores

CVSS v3 5.5

EPSS 0.0028

EPSS Percentile 51.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Details

Status published

Products (8)

sap/sap_kernel 7.21

sap/sap_kernel 7.21ext

sap/sap_kernel 7.22

sap/sap_kernel 7.22ext

sap/sap_kernel 7.45

sap/sap_kernel 7.49

sap/sap_kernel 7.53

sap/sap_kernel 7.73

Published Aug 14, 2018

Tracked Since Feb 18, 2026