CVE-2018-2478

2018-11-1320:00:00

sap

www.cve.org

0.002 Low

EPSS

Percentile

61.3%

JSON

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user.

CNA Affected

[
  {
    "product": "SAP Basis (TREX / BWA installation)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "= 7.0 to 7.02"
      },
      {
        "status": "affected",
        "version": "= 7.10 to 7.11"
      },
      {
        "status": "affected",
        "version": "= 7.30"
      },
      {
        "status": "affected",
        "version": "= 7.31"
      },
      {
        "status": "affected",
        "version": "= 7.40"
      },
      {
        "status": "affected",
        "version": "= 7.50 to 7.53"
      }
    ]
  }
]