var-201801-1264
Vulnerability from variot
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. Vendors have confirmed this vulnerability SAP Security Note 2525392 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition. SAP Netweaver 7.00 through 7.02, 7.50 through 7.52, 7.10, 7.11, 7.30, 7.31, and 7.40 vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1264",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "business application software integrated solution",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.40"
},
{
"model": "business application software integrated solution",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.30"
},
{
"model": "business application software integrated solution",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": "7.31"
},
{
"model": "business application software integrated solution",
"scope": "gte",
"trust": 1.0,
"vendor": "sap",
"version": "7.10"
},
{
"model": "business application software integrated solution",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "7.02"
},
{
"model": "business application software integrated solution",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "7.11"
},
{
"model": "business application software integrated solution",
"scope": "gte",
"trust": 1.0,
"vendor": "sap",
"version": "7.00"
},
{
"model": "business application software integrated solution",
"scope": "gte",
"trust": 1.0,
"vendor": "sap",
"version": "7.50"
},
{
"model": "business application software integrated solution",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "7.52"
},
{
"model": "basis",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.52"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.50"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.40"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.31"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.30"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.11"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.10"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.02"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.01"
},
{
"model": "netweaver",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "102449"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001368"
},
{
"db": "NVD",
"id": "CVE-2018-2363"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-344"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.02",
"versionStartIncluding": "7.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.11",
"versionStartIncluding": "7.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:7.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.52",
"versionStartIncluding": "7.50",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-2363"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "102449"
}
],
"trust": 0.3
},
"cve": "CVE-2018-2363",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-2363",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-2363",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-2363",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-344",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001368"
},
{
"db": "NVD",
"id": "CVE-2018-2363"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-344"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user\u0027s choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. Vendors have confirmed this vulnerability SAP Security Note 2525392 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nSuccessful exploits may allow an attacker to inject and run arbitrary code or obtain sensitive information that may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition. \nSAP Netweaver 7.00 through 7.02, 7.50 through 7.52, 7.10, 7.11, 7.30, 7.31, and 7.40 vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-2363"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001368"
},
{
"db": "BID",
"id": "102449"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-2363",
"trust": 2.7
},
{
"db": "BID",
"id": "102449",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001368",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-344",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "102449"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001368"
},
{
"db": "NVD",
"id": "CVE-2018-2363"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-344"
}
]
},
"id": "VAR-201801-1264",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.27111164
},
"last_update_date": "2023-12-18T13:19:16.866000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "January 2018 (2525392)",
"trust": 0.8,
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"title": "SAP NetWeaver Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77611"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001368"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-344"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001368"
},
{
"db": "NVD",
"id": "CVE-2018-2363"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://launchpad.support.sap.com/#/notes/2525392"
},
{
"trust": 1.9,
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/102449"
},
{
"trust": 1.6,
"url": "https://launchpad.support.sap.com/#/notes/1906212"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-2363"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-2363"
},
{
"trust": 0.3,
"url": "http://www.sap.com/"
}
],
"sources": [
{
"db": "BID",
"id": "102449"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001368"
},
{
"db": "NVD",
"id": "CVE-2018-2363"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-344"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "102449"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001368"
},
{
"db": "NVD",
"id": "CVE-2018-2363"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-344"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102449"
},
{
"date": "2018-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001368"
},
{
"date": "2018-01-09T15:29:00.370000",
"db": "NVD",
"id": "CVE-2018-2363"
},
{
"date": "2018-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-344"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102449"
},
{
"date": "2018-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001368"
},
{
"date": "2018-01-29T13:04:27.527000",
"db": "NVD",
"id": "CVE-2018-2363"
},
{
"date": "2018-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-344"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-344"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver Code injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001368"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-344"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.