7.2

CVE-2018-2478

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPBasis Version >= 7.0 <= 7.02
SAPBasis Version >= 7.10 <= 7.11
SAPBasis Version >= 7.50 <= 7.53
SAPBasis Version7.30
SAPBasis Version7.31
SAPBasis Version7.40
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.579
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
http://www.securityfocus.com/bid/105904
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2675696
Vendor Advisory
Permissions Required