CVE-2018-2363

EUVD-2018-14218
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
sapnetweaver
-
sapbusiness_application_software_integrated_solution
7.00 ≤
𝑥
≤ 7.02
sapbusiness_application_software_integrated_solution
7.10 ≤
𝑥
≤ 7.11
sapbusiness_application_software_integrated_solution
7.50 ≤
𝑥
≤ 7.52
sapbusiness_application_software_integrated_solution
7.30
sapbusiness_application_software_integrated_solution
7.31
sapbusiness_application_software_integrated_solution
7.40
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102449
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
https://launchpad.support.sap.com/#/notes/1906212
https://launchpad.support.sap.com/#/notes/2525392
http://www.securityfocus.com/bid/102449
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
https://launchpad.support.sap.com/#/notes/1906212
https://launchpad.support.sap.com/#/notes/2525392