CyberSec.Space Logo
Back to CVE Browser

CVE-2018-2363

HIGH
8.8
CVSS Severity Score
EPSS Score0.0250%
EPSS Percentile41.48th
PublishedJan 9, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.

Affected Platforms (CPE)

πŸ“¦
Sap

Netweaver

All versions
πŸ“¦
Sap

Business Application Software Integrated Solution

>= 7.00 and <= 7.02
πŸ“¦
Sap

Business Application Software Integrated Solution

>= 7.10 and <= 7.11
πŸ“¦
Sap

Business Application Software Integrated Solution

>= 7.50 and <= 7.52
πŸ“¦
Sap

Business Application Software Integrated Solution

= 7.30
πŸ“¦
Sap

Business Application Software Integrated Solution

= 7.31
πŸ“¦
Sap

Business Application Software Integrated Solution

= 7.40

References & Advisories

πŸ”— http://www.securityfocus.com/bid/102449
πŸ”— https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
πŸ”— https://launchpad.support.sap.com/#/notes/1906212
πŸ”— https://launchpad.support.sap.com/#/notes/2525392
πŸ”— http://www.securityfocus.com/bid/102449
πŸ”— https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/
πŸ”— https://launchpad.support.sap.com/#/notes/1906212
πŸ”— https://launchpad.support.sap.com/#/notes/2525392

Related Vulnerabilities

CVE-2020-2682910.0

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections fro...

CVE-2010-532610.0

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, whic...

CVE-2020-628710.0

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which...

CVE-2012-434110.0

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of serv...