CVE-2018-2478
published 2018-11-13CVE-2018-2478: An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11…
high7.2CVSS 3.0
AVNACLPRHUINSUCHIHAH
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the adm user. The commands executed depend upon the privileges of the adm user.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | basis | — | — |
| sap | basis | — | — |
| sap | basis | — | — |
| sap | basis | 7.0 – 7.02 | — |
| sap | basis | 7.10 – 7.11 | — |
| sap | basis | 7.50 – 7.53 | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |