CVE-2018-2449
SAP SRM MDM Catalog in SAP NetWeaver 7.3 (versions 3.73, 7.31, 7.32) contains an authentication flaw in the import functionality that does not check credentials for a valid repository user. This creates an unauthenticated path that can be used on Windows to perform SMB relaying, effectively bypas...