Design/Logic Flaw

2018-11-1320:29:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user.

CPENameOperatorVersion
basiseq7.30
basiseq7.31
basiseq7.40
basisge7.50
basisle7.53
basisge7.10
basisle7.11
basisge7.0
basisle7.02

Name	Operator	Version
basis	eq	7.30
basis	eq	7.31
basis	eq	7.40
basis	ge	7.50
basis	le	7.53
basis	ge	7.10
basis	le	7.11
basis	ge	7.0
basis	le	7.02

References

www.securityfocus.com/bid/105904

launchpad.support.sap.com/

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832