SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104115 | Third Party Advisory VDB Entry |
https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2610231 | Permissions Required Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-05-09 20:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-2418
Mitre link : CVE-2018-2418
CVE.ORG link : CVE-2018-2418
JSON object : View
Products Affected
sap
- maxdb_odbc_driver
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')