SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/102449 | Third Party Advisory VDB Entry |
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/1906212 | Permissions Required |
https://launchpad.support.sap.com/#/notes/2525392 | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2018-01-09T15:00:00
Updated: 2018-01-11T10:57:01
Reserved: 2017-12-15T00:00:00
Link: CVE-2018-2363
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-01-09T15:29:00.370
Modified: 2018-01-29T13:04:27.527
Link: CVE-2018-2363
JSON object: View
Redhat Information
No data.
CWE