CVE-2017-15293
First published: Mon Oct 16 2017(Updated: )
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Point Of Sale Xpress Server | =1020 | |
| Sap Point Of Sale Xpress Server | =1030 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-15293?
CVE-2017-15293 is considered a critical vulnerability due to the lack of authentication in SAP POS Xpress Server, allowing unauthorized access.
How do I fix CVE-2017-15293?
To mitigate CVE-2017-15293, ensure you apply the latest security patches provided by SAP for the affected versions of SAP POS Xpress Server.
What are the affected versions for CVE-2017-15293?
CVE-2017-15293 affects SAP Point Of Sale Xpress Server versions 1020 and 1030.
What are the potential attacks from CVE-2017-15293?
CVE-2017-15293 allows attackers to perform unauthorized file read and erase operations, daemon shutdown, and terminal read operations.
Is authentication required for operations affected by CVE-2017-15293?
No, CVE-2017-15293 indicates that no authentication is required for the affected operations in SAP POS Xpress Server.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/sap
- canonical/sap point of sale xpress server
- version/sap point of sale xpress server/1020
- version/sap point of sale xpress server/1030