nvd-json-data-feeds/CVE-2018/CVE-2018-24xx/CVE-2018-2494.json

{
  "id": "CVE-2018-2494",
  "sourceIdentifier": "cna@sap.com",
  "published": "2018-12-11T22:29:00.377",
  "lastModified": "2019-10-03T00:03:26.223",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform."
    },
    {
      "lang": "es",
      "value": "Se han solucionado las comprobaciones de autorizaci\u00f3n necesarias para un usuario autenticado, que resultaban en un escalado de privilegios, en SAP Basis AS ABAP en SAP NetWeaver, del 700 al 750 y desde el 750, provistos como plataforma ABAP."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "7.00",
              "versionEndIncluding": "7.02",
              "matchCriteriaId": "CF38D1E1-E07F-4E51-AE76-E27E7CE4F55C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "7.10",
              "versionEndIncluding": "7.30",
              "matchCriteriaId": "03F8C580-971A-46D8-B66D-B1261F17FF22"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "7.50",
              "versionEndIncluding": "7.53",
              "matchCriteriaId": "0DC0CEF3-7409-418E-9C9A-E75D8B290D57"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "341C07C1-2B4A-475D-B200-1021EB6B1F79"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D80CC30-EE05-439F-BF2C-1267837137DE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://launchpad.support.sap.com/#/notes/2698996",
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}