Vulnerability Description
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | Point of Sale Xpress Server | 1020 |
References
- http://www.securityfocus.com/bid/100713 (Third Party Advisory, VDB Entry)
- https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/ (Issue Tracking, Vendor Advisory)
- https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpre
- https://erpscan.io/research/hacking-sap-pos/
FAQ
What is CVE-2017-15293?
CVE-2017-15293 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 252...
How severe is CVE-2017-15293?
CVE-2017-15293 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-15293?
Check the references section above for vendor advisories and patch information. Affected products include: SAP Point of Sale Xpress Server.