CVE-2018-2363
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
SAP NetWeaver y SAP BASIS, desde la versión 7.00 hasta la 7.02, desde la 7.10 a la 7.11, 7.30, 7.31, 7.40 y desde la versión 7.50 a la 7.52, contiene código que permite ejecutar código arbitrario del programa a elección del usuario. Un usuario malicioso puede, por lo tanto, controlar el comportamiento del sistema o escalar privilegios mediante la ejecución de código malicioso sin credenciales legítimas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-15 CVE Reserved
- 2018-01-09 CVE Published
- 2023-04-20 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/102449 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018 | 2018-01-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Netweaver Search vendor "Sap" for product "Netweaver" | - | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | >= 7.00 <= 7.02 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version " >= 7.00 <= 7.02" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | >= 7.10 <= 7.11 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version " >= 7.10 <= 7.11" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | >= 7.50 <= 7.52 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version " >= 7.50 <= 7.52" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | 7.30 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version "7.30" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | 7.31 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version "7.31" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Business Application Software Integrated Solution Search vendor "Sap" for product "Business Application Software Integrated Solution" | 7.40 Search vendor "Sap" for product "Business Application Software Integrated Solution" and version "7.40" | - |
Affected
| ||||||