CVE-2018-2450

Опубликовано: 14 авг. 2018

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database.

Ссылки

http://www.securityfocus.com/bid/105063
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2660005
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
Vendor Advisory
http://www.securityfocus.com/bid/105063
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2660005
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:maxdb:7.8:*:*:*:*:*:*:*

cpe:2.3:a:sap:maxdb:7.9:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00614

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-wc5w-8r86-c387