SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/102449 | Third Party Advisory VDB Entry |
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/1906212 | Permissions Required |
https://launchpad.support.sap.com/#/notes/2525392 | Permissions Required |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2018-01-09 15:29
Updated : 2024-02-28 16:04
NVD link : CVE-2018-2363
Mitre link : CVE-2018-2363
CVE.ORG link : CVE-2018-2363
JSON object : View
Products Affected
sap
- netweaver
- business_application_software_integrated_solution
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')