Sign-up

ID

VAR-201808-0802


CVE

CVE-2018-2450


TITLE

SAP MaxDB In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009019

DESCRIPTION

SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. SAP MaxDB (liveCache) Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP MaxDB is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SAP MaxDB (liveCache) 7.8 and 7.9 are vulnerable

Trust: 1.89

sources: NVD: CVE-2018-2450 // JVNDB: JVNDB-2018-009019 // BID: 105063

AFFECTED PRODUCTS

vendor:sapmodel:maxdbscope:eqversion:7.9

Trust: 2.7

vendor:sapmodel:maxdbscope:eqversion:7.8

Trust: 2.7

sources: BID: 105063 // JVNDB: JVNDB-2018-009019 // CNNVD: CNNVD-201808-427 // NVD: CVE-2018-2450

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-2450
value: HIGH

Trust: 1.0

NVD: CVE-2018-2450
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-427
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-2450
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-2450
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-009019 // CNNVD: CNNVD-201808-427 // NVD: CVE-2018-2450

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2018-009019 // NVD: CVE-2018-2450

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-427

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201808-427

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009019

PATCH
title:SAP Security Patch Day - August 2018url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
Trust: 0.8
title:SAP MaxDB(liveCache Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83883
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-009019 // 
            
            
            
            CNNVD: CNNVD-201808-427

EXTERNAL IDS
db:NVDid:CVE-2018-2450
Trust: 2.7
db:BIDid:105063
Trust: 1.3
db:JVNDBid:JVNDB-2018-009019
Trust: 0.8
db:CNNVDid:CNNVD-201808-427
Trust: 0.6
sources:
            
            
            BID: 105063 // 
            
            
            
            JVNDB: JVNDB-2018-009019 // 
            
            
            
            CNNVD: CNNVD-201808-427 // 
            
            
            
            NVD: CVE-2018-2450

REFERENCES
url:https://launchpad.support.sap.com/#/notes/2660005
Trust: 1.9
url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=499352742
Trust: 1.9
url:http://www.securityfocus.com/bid/105063
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-2450
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-2450
Trust: 0.8
url:http://www.sap.com
Trust: 0.3
sources:
            
            
            BID: 105063 // 
            
            
            
            JVNDB: JVNDB-2018-009019 // 
            
            
            
            CNNVD: CNNVD-201808-427 // 
            
            
            
            NVD: CVE-2018-2450

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 105063

SOURCES
db:BIDid:105063
db:JVNDBid:JVNDB-2018-009019
db:CNNVDid:CNNVD-201808-427
db:NVDid:CVE-2018-2450

LAST UPDATE DATE
2024-11-23T22:26:14.435000+00:00

SOURCES UPDATE DATE
db:BIDid:105063date:2018-08-14T00:00:00
db:JVNDBid:JVNDB-2018-009019date:2018-11-06T00:00:00
db:CNNVDid:CNNVD-201808-427date:2018-08-17T00:00:00
db:NVDid:CVE-2018-2450date:2024-11-21T04:03:50.223

SOURCES RELEASE DATE
db:BIDid:105063date:2018-08-14T00:00:00
db:JVNDBid:JVNDB-2018-009019date:2018-11-06T00:00:00
db:CNNVDid:CNNVD-201808-427date:2018-08-14T00:00:00
db:NVDid:CVE-2018-2450date:2018-08-14T16:29:01.553