CVE-2018-2441 - OpenCVE

Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sap	Sap Kernel

Configuration 1 [-]

OR	cpe:2.3:a:sap:sap_kernel:7.21:::::::*
	cpe:2.3:a:sap:sap_kernel:7.21ext:::::::*
	cpe:2.3:a:sap:sap_kernel:7.22:::::::*
	cpe:2.3:a:sap:sap_kernel:7.22ext:::::::*
	cpe:2.3:a:sap:sap_kernel:7.45:::::::*
	cpe:2.3:a:sap:sap_kernel:7.49:::::::*
	cpe:2.3:a:sap:sap_kernel:7.53:::::::*
	cpe:2.3:a:sap:sap_kernel:7.73:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/105090	Third Party Advisory VDB Entry
https://launchpad.support.sap.com/#/notes/2671160	Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sap

Published: 2018-08-14T16:00:00

Updated: 2018-08-16T09:57:01

Reserved: 2017-12-15T00:00:00

Link: CVE-2018-2441

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-08-14T16:29:00.553

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-2441

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "SAP Change and Transport System (ABAP)", "vendor": "SAP", "versions": [{"status": "affected", "version": "SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT"}, {"status": "affected", "version": "SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT"}, {"status": "affected", "version": "SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT"}, {"status": "affected", "version": "SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT"}, {"status": "affected", "version": "SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73"}]}], "datePublic": "2018-08-14T00:00:00", "descriptions": [{"lang": "en", "value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-16T09:57:01", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"name": "105090", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105090"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2671160"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"}], "source": {"discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2018-2441", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP Change and Transport System (ABAP)", "version": {"version_data": [{"version_name": "SAP KERNEL 32 NUC", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"}, {"version_name": "SAP KERNEL 32 Unicode", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"}, {"version_name": "SAP KERNEL 64 NUC", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"}, {"version_name": "SAP KERNEL 64 Unicode", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"}, {"version_name": "SAP KERNEL ", "version_value": "7.21, 7.22, 7.45, 7.49, 7.53 and 7.73"}]}}]}, "vendor_name": "SAP"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "105090", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105090"}, {"name": "https://launchpad.support.sap.com/#/notes/2671160", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2671160"}, {"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2018-2441", "datePublished": "2018-08-14T16:00:00", "dateReserved": "2017-12-15T00:00:00", "dateUpdated": "2018-08-16T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "168D38D8-CE37-4FF4-B089-DCBB0D5A3387", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "56247321-E033-4097-A176-BE71DEBD5920", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*", "matchCriteriaId": "517E04CB-B712-477E-8F64-B35F9D0D932B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "5F7EA62C-67A6-4971-AC33-D5A3D390CE52", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_kernel:7.73:*:*:*:*:*:*:*", "matchCriteriaId": "C2DC3DD5-36D6-462E-BD41-E1EDB5843A8A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted."}, {"lang": "es", "value": "En ciertas condiciones, SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 y 7.73, permiten que un atacante transporte informaci\u00f3n que, de otra forma, estar\u00eda restringida."}], "id": "CVE-2018-2441", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-14T16:29:00.553", "references": [{"source": "cna@sap.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105090"}, {"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2671160"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}