CVE-2018-2478

Published: Nov 13, 2018Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user.

Affected (6)

Products: Sap: Basis

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Sap Basis	From 7.0 to 7.02
Sap Basis	From 7.10 to 7.11
Sap Basis	From 7.50 to 7.53
Sap Basis	Version 7.30
Sap Basis	Version 7.31
Sap Basis	Version 7.40

References (6)

http://www.securityfocus.com/bid/105904

Source: cna@sap.com

Third Party AdvisoryVDB Entry

https://launchpad.support.sap.com/#/notes/2675696

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832

Source: cna@sap.com

Vendor Advisory

http://www.securityfocus.com/bid/105904

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://launchpad.support.sap.com/#/notes/2675696

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.