Vulnerabilities > CVE-2018-2478 - Unspecified vulnerability in SAP Basis
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
References
- http://www.securityfocus.com/bid/105904
- http://www.securityfocus.com/bid/105904
- https://launchpad.support.sap.com/#/notes/2675696
- https://launchpad.support.sap.com/#/notes/2675696
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832