Vulnerability Description
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Sap Kernel | 7.45 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102448Third Party AdvisoryVDB Entry
- https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2523961Permissions Required
- http://www.securityfocus.com/bid/102448Third Party AdvisoryVDB Entry
- https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2523961Permissions Required
FAQ
What is CVE-2018-2360?
CVE-2018-2360 is a vulnerability with a CVSS score of 7.5 (HIGH). SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
How severe is CVE-2018-2360?
CVE-2018-2360 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-2360?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Sap Kernel.