CVE-2018-2460 Detail

Current Description

SAP Business One Android application, version 1.2, does not properly verify the certificate for HTTPS connections. This allows an attacker to perform a MITM attack.




CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: 5.9 MEDIUM
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0 Severity and Metrics:

NIST: NVD
Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Weakness Enumeration

CWE-ID: CWE-295
CWE Name: Improper Certificate Validation
Source: NIST


Change History

2 change records found

Initial Analysis 11/16/2018 12:31:34 PM

Action: Added
Type: CPE Configuration
New Value: OR *cpe:2.3:a:sap:business_one:1.2:*:*:*:*:android:*:*

Action: Added
Type: CVSS V2
New Value: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Action: Added
Type: CVSS V3
New Value: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Action: Added
Type: CWE
New Value: CWE-295

Action: Changed
Type: Reference Type
Old Value: http://www.securityfocus.com/bid/105309 No Types Assigned
New Value: http://www.securityfocus.com/bid/105309 Third Party Advisory, VDB Entry

Action: Changed
Type: Reference Type
Old Value: https://launchpad.support.sap.com/#/notes/2682503 No Types Assigned
New Value: https://launchpad.support.sap.com/#/notes/2682503 Permissions Required, Vendor Advisory

Action: Changed
Type: Reference Type
Old Value: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 No Types Assigned
New Value: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 Vendor Advisory

CVE Modified by MITRE 9/12/2018 6:29:04 AM

Action: Added
Type: Reference
New Value: http://www.securityfocus.com/bid/105309 [No Types Assigned]



Quick Info

CVE Dictionary Entry: CVE-2018-2460
NVD Published Date: 09/11/2018
NVD Last Modified: 11/16/2018
Source: MITRE

