CVE-2018-2478

Опубликовано: 13 нояб. 2018

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the adm user. The commands executed depend upon the privileges of the adm user.

Ссылки

http://www.securityfocus.com/bid/105904
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2675696
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
Vendor Advisory
http://www.securityfocus.com/bid/105904
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2675696
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:basis:*:*:*:*:*:*:*:*

Версия от 7.0 (включая) до 7.02 (включая)

cpe:2.3:a:sap:basis:*:*:*:*:*:*:*:*

Версия от 7.10 (включая) до 7.11 (включая)

cpe:2.3:a:sap:basis:*:*:*:*:*:*:*:*

Версия от 7.50 (включая) до 7.53 (включая)

cpe:2.3:a:sap:basis:7.30:*:*:*:*:*:*:*

cpe:2.3:a:sap:basis:7.31:*:*:*:*:*:*:*

cpe:2.3:a:sap:basis:7.40:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.0036

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-wxfr-9w7h-p9c2

CVSS3: 7.2

github

больше 3 лет назад

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user.

EPSS

Процентиль: 58%

0.0036

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo