CVE-2018-2478 Information

Description

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the sidadm user. The commands executed depend upon the privileges of the sidadm user.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/105904
https://launchpad.support.sap.com//notes/2675696
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.2

Base Severity

HIGH
