CVE-2018-2418

Опубликовано: 09 мая 2018

Источник: nvd

CVSS3: 5.5

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Ссылки

http://www.securityfocus.com/bid/104115
Third Party Advisory
VDB Entry
https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2610231
Permissions Required
Vendor Advisory
http://www.securityfocus.com/bid/104115
Third Party Advisory
VDB Entry
https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2610231
Permissions Required
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:maxdb_odbc_driver:*:*:*:*:*:*:*:*

Версия до 7.9.09.07 (исключая)

EPSS

Процентиль: 65%

0.00492

Низкий

5.5 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-rxg9-73c5-fc9f

CVSS3: 9.8

github

больше 3 лет назад

SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

EPSS

Процентиль: 65%

0.00492

Низкий

5.5 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94