PT-2018-15594 · Sap · Sap Basis

Published: 2018-11-13 · Updated: 2020-08-24 · CVE-2018-2478

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP Basis versions 7.0 through 7.02
SAP Basis versions 7.10 through 7.11
SAP Basis version 7.30
SAP Basis version 7.31
SAP Basis version 7.40
SAP Basis versions 7.50 through 7.53

Description

An issue allows an attacker to execute commands on the host of a TREX / BWA installation using specially crafted inputs. The commands that can be executed are limited to those that can be run by the sidadm user, and the specific commands depend on the privileges of the sidadm user.

Recommendations

For SAP Basis versions 7.0 through 7.02, update to a version outside of this range to resolve the issue.
For SAP Basis versions 7.10 through 7.11, update to a version outside of this range to resolve the issue.
For SAP Basis version 7.30, update to a version outside of this range to resolve the issue.
For SAP Basis version 7.31, update to a version outside of this range to resolve the issue.
For SAP Basis version 7.40, update to a version outside of this range to resolve the issue.
For SAP Basis versions 7.50 through 7.53, update to a version outside of this range to resolve the issue.

As a temporary workaround, consider restricting the privileges of the sidadm user to minimize the risk of exploitation.

Fix

Related identifiers

CVE-2018-2478

Affected products

Sap Basis