CVE-2018-2369

EPSS 1.5%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 feb 2018Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory.

Productos afectados

SAP SE · SAP HANA

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/https://launchpad.support.sap.com/#/notes/2572940 http://www.securityfocus.com/bid/102997