{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T23:51:30.607","vulnerabilities":[{"cve":{"id":"CVE-2018-2478","sourceIdentifier":"cna@sap.com","published":"2018-11-13T20:29:00.467","lastModified":"2024-11-21T04:03:53.387","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user."},{"lang":"es","value":"Un atacante puede emplear entradas especialmente manipuladas para ejecutar comandos en el host de una instalación TREX/BWA, SAP Basis, en versiones 7.0 a 7.02, 7.10 a 7.11, 7.30, 7.31, 7.40 y 7.50 a 7.53. No todos los comandos son posibles, solo aquellos que puedan ser ejecutados por el usuario adm. Los comandos ejecutados dependen de los privilegios del usuario adm."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:basis:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndIncluding":"7.02","matchCriteriaId":"3D94BA10-F223-491A-860C-B216D4AADD7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:basis:*:*:*:*:*:*:*:*","versionStartIncluding":"7.10","versionEndIncluding":"7.11","matchCriteriaId":"C1A08E1F-37DD-4370-9474-C9BA6D383B95"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:basis:*:*:*:*:*:*:*:*","versionStartIncluding":"7.50","versionEndIncluding":"7.53","matchCriteriaId":"FC4BC169-0D98-4C9D-9DC3-68435E388B27"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:basis:7.30:*:*:*:*:*:*:*","matchCriteriaId":"4E399E1C-36C2-429B-8C2D-074ADBFA2DAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:basis:7.31:*:*:*:*:*:*:*","matchCriteriaId":"1AC2D764-A795-4FBC-95AF-D212B8E51991"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:basis:7.40:*:*:*:*:*:*:*","matchCriteriaId":"B469CB1A-3AF3-4824-A185-A46A63DBABBE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105904","source":"cna@sap.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://launchpad.support.sap.com/#/notes/2675696","source":"cna@sap.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/105904","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://launchpad.support.sap.com/#/notes/2675696","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}