SAP MaxDB/liveCache CVE-2018-2450 Unspecified SQL Injection Vulnerability

Bugtraq ID:	105063
Class:	Input Validation Error
CVE:	CVE-2018-2450
Remote:	Yes
Local:	No
Published:	Aug 14 2018 12:00AM
Updated:	Aug 14 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	SAP MaxDB 7.9 SAP MaxDB 7.8
Not Vulnerable:

SAP MaxDB/liveCache CVE-2018-2450 Unspecified SQL Injection Vulnerability

SAP MaxDB is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SAP MaxDB (liveCache) 7.8 and 7.9 are vulnerable.

SAP MaxDB/liveCache CVE-2018-2450 Unspecified SQL Injection Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

SAP MaxDB/liveCache CVE-2018-2450 Unspecified SQL Injection Vulnerability

References:

• SAP Homepage (SAP)
  
• SAP Security Note # 2660005 (SAP)
  
• SAP Security Patch Day �?? August 2018 (SAP)