CVE-2018-2478

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
sapbasis
7.0 ≤
𝑥
≤ 7.02
sapbasis
7.10 ≤
𝑥
≤ 7.11
sapbasis
7.50 ≤
𝑥
≤ 7.53
sapbasis
7.30
sapbasis
7.31
sapbasis
7.40
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/105904
https://launchpad.support.sap.com/#/notes/2675696
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
http://www.securityfocus.com/bid/105904
https://launchpad.support.sap.com/#/notes/2675696
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832