CVE-2018-2428 MEDIUM

CVE-2018-2428

Vendor Sap Se
Product SAP Infrastructure
Published June 12, 2018
Last update August 5, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.

Key dates

02Disclosure timeline

June 12, 2018 CVE published
August 5, 2024 Record updated