cvelistv5 - CVE-2018-2363

Source	URL	Tags
cna@sap.com	http://www.securityfocus.com/bid/102449	Third Party Advisory, VDB Entry
cna@sap.com	https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/	Vendor Advisory
cna@sap.com	https://launchpad.support.sap.com/#/notes/1906212	Permissions Required
cna@sap.com	https://launchpad.support.sap.com/#/notes/2525392	Permissions Required

Vendor	Product
SAP SE	SAP NetWeaver

var-201801-1264

Vulnerability from variot

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. Vendors have confirmed this vulnerability SAP Security Note 2525392 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition. SAP Netweaver 7.00 through 7.02, 7.50 through 7.52, 7.10, 7.11, 7.30, 7.31, and 7.40 vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1264",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "business application software integrated solution",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.40"
      },
      {
        "model": "business application software integrated solution",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "business application software integrated solution",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.31"
      },
      {
        "model": "business application software integrated solution",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.10"
      },
      {
        "model": "business application software integrated solution",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "business application software integrated solution",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.11"
      },
      {
        "model": "business application software integrated solution",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.00"
      },
      {
        "model": "business application software integrated solution",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.50"
      },
      {
        "model": "business application software integrated solution",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.52"
      },
      {
        "model": "basis",
        "scope": null,
        "trust": 0.8,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver",
        "scope": null,
        "trust": 0.8,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.52"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.50"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.40"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.31"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.11"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.10"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.01"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2363"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-344"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.02",
                "versionStartIncluding": "7.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.11",
                "versionStartIncluding": "7.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.52",
                "versionStartIncluding": "7.50",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-2363"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "102449"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-2363",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-2363",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-2363",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-2363",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-344",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2363"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-344"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. Vendors have confirmed this vulnerability SAP Security Note 2525392 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nSuccessful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition. \nSAP Netweaver 7.00 through 7.02, 7.50 through 7.52, 7.10, 7.11, 7.30, 7.31, and 7.40 vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-2363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      },
      {
        "db": "BID",
        "id": "102449"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-2363",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "102449",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001368",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-344",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2363"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-344"
      }
    ]
  },
  "id": "VAR-201801-1264",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.27111164
  },
  "last_update_date": "2023-12-18T13:19:16.866000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "January 2018 (2525392)",
        "trust": 0.8,
        "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
      },
      {
        "title": "SAP NetWeaver Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77611"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-344"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2363"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://launchpad.support.sap.com/#/notes/2525392"
      },
      {
        "trust": 1.9,
        "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/102449"
      },
      {
        "trust": 1.6,
        "url": "https://launchpad.support.sap.com/#/notes/1906212"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-2363"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2363"
      },
      {
        "trust": 0.3,
        "url": "http://www.sap.com/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2363"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-344"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "102449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2363"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-344"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-09T00:00:00",
        "db": "BID",
        "id": "102449"
      },
      {
        "date": "2018-02-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      },
      {
        "date": "2018-01-09T15:29:00.370000",
        "db": "NVD",
        "id": "CVE-2018-2363"
      },
      {
        "date": "2018-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-344"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-09T00:00:00",
        "db": "BID",
        "id": "102449"
      },
      {
        "date": "2018-02-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      },
      {
        "date": "2018-01-29T13:04:27.527000",
        "db": "NVD",
        "id": "CVE-2018-2363"
      },
      {
        "date": "2018-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-344"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-344"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP NetWeaver Code injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001368"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-344"
      }
    ],
    "trust": 0.6
  }
}

gsd-2018-2363

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.

Aliases

CVE-2018-2363

Aliases

CVE-2018-2363

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-2363",
    "description": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.",
    "id": "GSD-2018-2363"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-2363"
      ],
      "details": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.",
      "id": "GSD-2018-2363",
      "modified": "2023-12-13T01:22:31.592318Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2018-2363",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP NetWeaver",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "7.00"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.02"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.10"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.11"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.30"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.31"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.40"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.50"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.52"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Code Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/",
            "refsource": "CONFIRM",
            "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/1906212",
            "refsource": "CONFIRM",
            "url": "https://launchpad.support.sap.com/#/notes/1906212"
          },
          {
            "name": "102449",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102449"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2525392",
            "refsource": "CONFIRM",
            "url": "https://launchpad.support.sap.com/#/notes/2525392"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.02",
                "versionStartIncluding": "7.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.11",
                "versionStartIncluding": "7.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.52",
                "versionStartIncluding": "7.50",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2018-2363"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/2525392",
              "refsource": "CONFIRM",
              "tags": [
                "Permissions Required"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2525392"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/1906212",
              "refsource": "CONFIRM",
              "tags": [
                "Permissions Required"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/1906212"
            },
            {
              "name": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
            },
            {
              "name": "102449",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102449"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-01-29T13:04Z",
      "publishedDate": "2018-01-09T15:29Z"
    }
  }
}

ghsa-m3pw-8r3j-w5gg

Vulnerability from github

Published

2022-05-14 03:48

Modified

2022-05-14 03:48

Severity

8.8 (High) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-2363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-09T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.",
  "id": "GHSA-m3pw-8r3j-w5gg",
  "modified": "2022-05-14T03:48:14Z",
  "published": "2022-05-14T03:48:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-2363"
    },
    {
      "type": "WEB",
      "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/1906212"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2525392"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102449"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Action not permitted

CVE-2018-2363

Vulnerability from cvelistv5

var-201801-1264

Vulnerability from variot

gsd-2018-2363

Vulnerability from gsd

ghsa-m3pw-8r3j-w5gg

Vulnerability from github

Tags