CVE-2018-2503

HIGH

SAP NetWeaver AS Java - Info Disclosure


Description

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106156
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2658279

Scores

CVSS v3 7.4
EPSS 0.0019
EPSS Percentile 40.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-862
Status published
Products (6)
sap/netweaver_application_server_java 7.11
sap/netweaver_application_server_java 7.20
sap/netweaver_application_server_java 7.30
sap/netweaver_application_server_java 7.31
sap/netweaver_application_server_java 7.40
sap/netweaver_application_server_java 7.50
Published Dec 11, 2018
Tracked Since Feb 18, 2026