CVE-2018-2363

Summary

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver7.00affected
SAP SESAP NetWeaver7.02affected
SAP SESAP NetWeaver7.10affected
SAP SESAP NetWeaver7.11affected
SAP SESAP NetWeaver7.30affected
SAP SESAP NetWeaver7.31affected
SAP SESAP NetWeaver7.40affected
SAP SESAP NetWeaver7.50affected
SAP SESAP NetWeaver7.52affected

Weaknesses

  • Code Injection

ADP Enrichment

CVE Program Container

Additional References

References