CVE-2018-2409

{"id": "CVE-2018-2409", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-04-10T15:29:01.487", "references": [{"url": "http://www.securityfocus.com/bid/103702", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://launchpad.support.sap.com/#/notes/2614141", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/103702", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://launchpad.support.sap.com/#/notes/2614141", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform."}, {"lang": "es", "value": "Gesti\u00f3n incorrecta de sesi\u00f3n al emplear SAP Cloud Platform 2.0 (Connectivity Service y Cloud Connector). Bajo ciertas condiciones, los datos de otros usuarios podr\u00edan mostrarse o modificarse al emplear una aplicaci\u00f3n montada sobre SAP Cloud Platform."}], "lastModified": "2024-11-21T04:03:45.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:cloud_platform:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55749B47-2513-4CFA-BAC6-48C5CD866C6C"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}