CVE-2018-2418
Summary
| CVE | CVE-2018-2418 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-09 20:29:00 UTC |
| Updated | 2019-10-09 23:40:00 UTC |
| Description | SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Maxdb Odbc Driver | All | All | All | All |
| Application | Sap | Maxdb Odbc Driver | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SAP MaxDB ODBC Driver CVE-2018-2418 Unspecified Remote Code Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | Permissions Required, Vendor Advisory |
| SAP Security Patch Day – May 2018 | SAP Blogs | CONFIRM | blogs.sap.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.