What is CVE-2018-2450?

CVE-2018-2450 is a high-severity vulnerability in Sap Maxdb, classified under SQL Injection. CVSS score: 7.2/10. Published 2018-08-14.

How severe is CVE-2018-2450?

High severity. CVSS v3 base score is 7.2 out of 10.

SQL Injection in Sap Maxdb

CVE-2018-2450

SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database.

Vulnerability class: SQL Injection

EPSS: 0.017 (74.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Sap Maxdb — versions 7.8, 7.9
Sap Maxdb (Livecache) — versions 7.8, 7.9

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cna@sap.com (Permissions Required, x_refsource_MISC, Vendor Advisory)
cna@sap.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cna@sap.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2018-2450?: CVE-2018-2450 is a high-severity vulnerability in Sap Maxdb, classified under SQL Injection. CVSS score: 7.2/10. Published 2018-08-14.
How severe is CVE-2018-2450?: High severity. CVSS v3 base score is 7.2 out of 10.