← Back to CVEs
CVE-2018-2449
N/ADescription
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.
CVE Details
CVSS v3.1 ScoreN/A
Published8/14/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
sap:supplier_relationship_management_mdm_catalog
Weaknesses (CWE)
CWE-287
References
http://www.securityfocus.com/bid/105079(cna@sap.com)
https://launchpad.support.sap.com/#/notes/2655250(cna@sap.com)
http://www.securityfocus.com/bid/105079(af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.support.sap.com/#/notes/2655250(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.