CVE-2018-2459

HIGH

SAP Mobile Platform <3.0 - Info Disclosure

Title source: llm

Description

Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different user.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/2672919

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105338

Scores

CVSS v3 7.5

EPSS 0.0033

EPSS Percentile 55.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

sap/mobile_platform 3.0

Published Sep 11, 2018

Tracked Since Feb 18, 2026