7.02

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2018-08-14

Updated: 2020-08-24

Summary

Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Supplier Relationship Management MDM Catalog 3.0 SAP Supplier Relationship Management MDM Catalog 7.01 SAP Supplier Relationship Management MDM Catalog 7.02	3

References

http://www.securityfocus.com/bid/105077
https://launchpad.support.sap.com/#/notes/2653846
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742