CVE-2018-2478

3 documents3 sources

Severity

7.2HIGH

EPSS

0.3%

top 46.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Basis SAP SAP Basis (trex / BWA Installation)

Timeline

PublishedNov 13

Latest updateMay 13

Description

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the adm user. The commands executed depend upon the privileges of the adm user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap/sap_basis_(trex_/_bwa_installation)6 versions+5

▶NVDsap/basis7.0 — 7.02+5

🔴Vulnerability Details

GHSA

GHSA-wxfr-9w7h-p9c2: An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7↗2022-05-13

▶

CVEList

CVE-2018-2478: An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7↗2018-11-13

▶