← back
CVE-2018-2449

CVE-2018-2449

EPSS 1.6%
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.
Affected products
SAP · SAP Supplier Relationship Management Master Data Management Catalog

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2655250https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742http://www.securityfocus.com/bid/105079