SRM-MDM Catalog
by SAP
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-2449 | Hig | 0.56 | 8.6 | 0.02 | Aug 14, 2018 | SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying. | ||
| CVE-2018-2448 | Med | 0.35 | 5.3 | 0.01 | Aug 14, 2018 | Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted. | ||
| CVE-2019-0361 | 0.00 | — | 0.01 | Sep 10, 2019 | SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. |
- risk 0.56cvss 8.6epss 0.02
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.
- risk 0.35cvss 5.3epss 0.01
Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted.
- CVE-2019-0361Sep 10, 2019risk 0.00cvss —epss 0.01
SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.