CVE-2018-2363

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
sapnetweaver
-
sapbusiness_application_software_integrated_solution
7.00 ≤
𝑥
≤ 7.02
sapbusiness_application_software_integrated_solution
7.10 ≤
𝑥
≤ 7.11
sapbusiness_application_software_integrated_solution
7.50 ≤
𝑥
≤ 7.52
sapbusiness_application_software_integrated_solution
7.30
sapbusiness_application_software_integrated_solution
7.31
sapbusiness_application_software_integrated_solution
7.40
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102449
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
https://launchpad.support.sap.com/#/notes/1906212
https://launchpad.support.sap.com/#/notes/2525392
http://www.securityfocus.com/bid/102449
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
https://launchpad.support.sap.com/#/notes/1906212
https://launchpad.support.sap.com/#/notes/2525392