CVE-2018-2363
Summary
| CVE | CVE-2018-2363 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-01-09 15:29:00 UTC |
| Updated | 2018-01-29 13:04:00 UTC |
| Description | SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Business Application Software Integrated Solution | 7.30 | All | All | All |
| Application | Sap | Business Application Software Integrated Solution | 7.31 | All | All | All |
| Application | Sap | Business Application Software Integrated Solution | 7.40 | All | All | All |
| Application | Sap | Business Application Software Integrated Solution | All | All | All | All |
| Application | Sap | Netweaver | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| launchpad.support.sap.com | CONFIRM | launchpad.support.sap.com | Permissions Required |
| SAP Security Patch Day – January 2018 \| SAP Blogs | CONFIRM | blogs.sap.com | Vendor Advisory |
| SAP Netweaver CVE-2018-2363 Remote Code Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.