Vulnerability Description
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible; only those that can be executed by the `<sid>adm` user. The commands executed depend upon the privileges of the `<sid>adm` user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | Basis | >= 7.0, <= 7.02 |
References
- http://www.securityfocus.com/bid/105904 (Third Party Advisory, VDB Entry)
- https://launchpad.support.sap.com/#/notes/2675696 (Permissions Required, Vendor Advisory)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 (Vendor Advisory)
FAQ
What is CVE-2018-2478?
CVE-2018-2478 is a vulnerability with a CVSS score of 7.2 (HIGH). An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all co...
How severe is CVE-2018-2478?
CVE-2018-2478 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-2478?
Check the references section above for vendor advisories and patch information. Affected products include: SAP Basis.