Overview
- Description
- SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.
- Source
- cna@sap.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 9.6
- Impact score
- 5.8
- Exploitability score
- 3.1
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:marketing:130:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55DA5840-6B84-4FF9-9664-71B010ADA326"
},
{
"criteria": "cpe:2.3:a:sap:marketing:140:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1B91293-3048-40D4-9965-D39DDB7D54A2"
},
{
"criteria": "cpe:2.3:a:sap:marketing:150:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC26B263-A573-46AF-A30E-DF2947F8DEAA"
}
],
"operator": "OR"
}
]
}
]