Vulnerability Details CVE-2018-2363
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/bid/102449
- https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
- https://launchpad.support.sap.com/#/notes/1906212
- https://launchpad.support.sap.com/#/notes/2525392
- http://www.securityfocus.com/bid/102449
- https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
- https://launchpad.support.sap.com/#/notes/1906212
- https://launchpad.support.sap.com/#/notes/2525392
Products affected by CVE-2018-2363
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.00
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.01
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.02
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.10
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.11
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.30
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.31
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.40
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.50
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.51
-
cpe:2.3:a:sap:business_application_software_integrated_solution:7.52
-
cpe:2.3:a:sap:netweaver:-