Vulnerabilities > CVE-2018-2478 - Unspecified vulnerability in SAP Basis

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

NVD

Published: 2018-11-13

Updated: 2020-08-24

Summary

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Basis 7.30 SAP Basis 7.31 SAP Basis 7.40 SAP Basis 7.50 SAP Basis 7.51 SAP Basis 7.52 SAP Basis 7.53 SAP Basis 7.10 SAP Basis 7.11 SAP Basis 7.0 SAP Basis 7.00 SAP Basis 7.01 SAP Basis 7.02	13

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
https://launchpad.support.sap.com/#/notes/2675696
http://www.securityfocus.com/bid/105904