CVE-2018-2418 MEDIUM

CVE-2018-2418

Vendor Sap Se
Product SAP MaxDB ODBC driver
Published May 9, 2018
Last update August 5, 2024

CVSS base score

5.5/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Key dates

02Disclosure timeline

May 9, 2018 CVE published
August 5, 2024 Record updated