{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T09:02:03.463","vulnerabilities":[{"cve":{"id":"CVE-2018-2363","sourceIdentifier":"cna@sap.com","published":"2018-01-09T15:29:00.370","lastModified":"2024-11-21T04:03:40.973","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials."},{"lang":"es","value":"SAP NetWeaver y SAP BASIS, desde la versión 7.00 hasta la 7.02, desde la 7.10 a la 7.11, 7.30, 7.31, 7.40 y desde la versión 7.50 a la 7.52, contiene código que permite ejecutar código arbitrario del programa a elección del usuario. Un usuario malicioso puede, por lo tanto, controlar el comportamiento del sistema o escalar privilegios mediante la ejecución de código malicioso sin credenciales legítimas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*","matchCriteriaId":"CB7AAA9B-5209-4419-87DA-8130843AD2AF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*","versionStartIncluding":"7.00","versionEndIncluding":"7.02","matchCriteriaId":"CF38D1E1-E07F-4E51-AE76-E27E7CE4F55C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*","versionStartIncluding":"7.10","versionEndIncluding":"7.11","matchCriteriaId":"4CB61EF9-414F-4563-B091-3E9B708CAB1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:*:*:*:*:*:*:*:*","versionStartIncluding":"7.50","versionEndIncluding":"7.52","matchCriteriaId":"D90BE6E0-559E-4509-95EA-CB820611E16D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:7.30:*:*:*:*:*:*:*","matchCriteriaId":"990D5985-7828-4D8C-9463-CA077AB3881E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:7.31:*:*:*:*:*:*:*","matchCriteriaId":"341C07C1-2B4A-475D-B200-1021EB6B1F79"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_application_software_integrated_solution:7.40:*:*:*:*:*:*:*","matchCriteriaId":"4D80CC30-EE05-439F-BF2C-1267837137DE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/102449","source":"cna@sap.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/1906212","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://launchpad.support.sap.com/#/notes/2525392","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"http://www.securityfocus.com/bid/102449","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/1906212","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://launchpad.support.sap.com/#/notes/2525392","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}}]}