CVE-2018-2503

Summary

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50).

Affected Software

VendorProductVersion RangeStatus
SAPSAP NetWeaver AS Java (ServerCore)= 7.11affected
SAPSAP NetWeaver AS Java (ServerCore)= 7.20affected
SAPSAP NetWeaver AS Java (ServerCore)= 7.30affected
SAPSAP NetWeaver AS Java (ServerCore)= 7.31affected
SAPSAP NetWeaver AS Java (ServerCore)= 7.40affected
SAPSAP NetWeaver AS Java (ServerCore)= 7.50affected

Weaknesses

  • Missing Authentication

ADP Enrichment

CVE Program Container

Additional References

References