CVE-2018-2481

2018-11-1320:00:00

sap

www.cve.org

0.002 Low

EPSS

Percentile

64.5%

JSON

In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.

CNA Affected

[
  {
    "product": "SAP_ABA",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "= 7.00 to 7.02"
      },
      {
        "status": "affected",
        "version": "= 7.10 to 7.11"
      },
      {
        "status": "affected",
        "version": "= 7.30"
      },
      {
        "status": "affected",
        "version": "= 7.31"
      },
      {
        "status": "affected",
        "version": "= 7.40"
      },
      {
        "status": "affected",
        "version": "= 7.50"
      },
      {
        "status": "affected",
        "version": "= 7.5C"
      },
      {
        "status": "affected",
        "version": "= 7.5D"
      }
    ]
  }
]