CVE-2018-2418

5.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Maxdb Odbc Driver
Vendor: CVE Published:; 9 May 2018

Summary

SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Affected Version(s)

SAP MaxDB ODBC driver all versions before 7.9.09.07

References

https://blogs.sap.com/2018/05/08/sap-security-patch-day-m...

x_refsource_CONFIRM

https://launchpad.support.sap.com/#/notes/2610231

x_refsource_MISC

http://www.securityfocus.com/bid/104115

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 9, 2018
Vulnerability Reserved
Dec 15, 2017