Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-2363

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.

Published

2018-01-09T15:29:00.370

Last Modified

2024-11-21T04:03:40.973

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-94
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap netweaver - Yes
Application sap business_application_software_integrated_solution ≤ 7.02 Yes
Application sap business_application_software_integrated_solution ≤ 7.11 Yes
Application sap business_application_software_integrated_solution ≤ 7.52 Yes
Application sap business_application_software_integrated_solution 7.30 Yes
Application sap business_application_software_integrated_solution 7.31 Yes
Application sap business_application_software_integrated_solution 7.40 Yes
References