Critical severity9.8NVD Advisory· Published Oct 16, 2017· Updated May 13, 2026

CVE-2017-15293

Description

Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.

Affected products

SAP/Point Of Sale Xpress Server2 versions
cpe:2.3:a:sap:point_of_sale_xpress_server:1030:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sap:point_of_sale_xpress_server:1030:*:*:*:*:*:*:*
- cpe:2.3:a:sap:point_of_sale_xpress_server:1020:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/100713nvdThird Party AdvisoryVDB Entry
blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/nvdIssue TrackingVendor Advisory
erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/nvd
erpscan.io/research/hacking-sap-pos/nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000