Vulnerability Description
SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack.
CVSS Score
5.9
MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Business One | 1.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105309Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2682503Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993Vendor Advisory
- http://www.securityfocus.com/bid/105309Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2682503Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993Vendor Advisory
FAQ
What is CVE-2018-2460?
CVE-2018-2460 is a vulnerability with a CVSS score of 5.9 (MEDIUM). SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack.
How severe is CVE-2018-2460?
CVE-2018-2460 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-2460?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Business One.