CVE-2018-2362
First published: Tue Jan 09 2018(Updated: )
A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send specially crafted SOAP requests to the SAP Startup Service and disclose information such as the platform's hostname.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP HANA | =1.00 | |
| SAP HANA | =2.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-2362?
CVE-2018-2362 is a vulnerability in SAP HANA 1.00 and 2.00 that allows a remote unauthenticated attacker to disclose information such as the platform's hostname.
What is the severity of CVE-2018-2362?
The severity of CVE-2018-2362 is medium with a CVSS score of 5.3.
How can an attacker exploit CVE-2018-2362?
An attacker can exploit CVE-2018-2362 by sending specially crafted SOAP requests to the SAP Startup Service.
Which versions of SAP HANA are affected by CVE-2018-2362?
CVE-2018-2362 affects SAP HANA 1.00 and 2.00.
Are there any references or resources for CVE-2018-2362?
Yes, you can find more information about CVE-2018-2362 at the following links: [1] http://www.securityfocus.com/bid/102452 [2] https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ [3] https://launchpad.support.sap.com/#/notes/2575750
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- vendor/sap
- canonical/sap hana
- version/sap hana/1.00
- version/sap hana/2.00