CVE-2018-2363

CWE-94Code Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.7%
top 27.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Business Application Software Integrated SolutionSAP SE SAP Netweaver
Timeline
PublishedJan 9
Latest updateMay 14

Description

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-m3pw-8r3j-w5gg: SAP NetWeaver, SAP BASIS from 72022-05-14
CVEList
CVE-2018-2363: SAP NetWeaver, SAP BASIS from 72018-01-09
CVE-2018-2363 (HIGH CVSS 8.8) | SAP NetWeaver | cvebase.io