Vulnerabilities > CVE-2018-2361 - Incorrect Authorization vulnerability in SAP Solution Manager 7.20

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

sap

CWE-863

NVD

Published: 2018-01-09

Updated: 2019-10-03

Summary

In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Solution Manager 7.20	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://www.securityfocus.com/bid/102450
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
https://launchpad.support.sap.com/#/notes/2507934