CVE-2018-18984: Vulnerability exists in the ‘SAP Portal Server’ component of SAP CX. An attacker may leverage a specially crafted request that results in an out-of-boundary write, which may allow execution of arbitrary code. A remote attacker may leverage the SIP communication channel to send a specially crafted request to the SAP CX system and may cause an out-of-boundary write, which may allow execution of arbitrary code.
CVE-2018-18988: Vulnerability exists in the ‘SAP Portal Server’ component of SAP CX. An attacker may leverage a specially crafted request that results in an out-of-boundary write, which may allow execution of arbitrary code. A remote attacker may leverage the SIP communication channel to send a specially crafted request to the SAP CX system and may cause an out-of-boundary write, which may allow execution of arbitrary code.
CVE-2018-18993: Vulnerability exists in the ‘SAP Portal Server’ component of SAP CX. An attacker may leverage a specially crafted request that results in an out-of-boundary write, which may allow execution of arbitrary code. A remote attacker may leverage the SIP communication channel to send a specially crafted request to the SAP CX system and may cause an out-of-boundary write, which may allow execution of arbitrary code.
CVE-2018-18
Table of Contents
- Introduction
- What is a Vulnerability?
- How to avoid vulnerabilities
- Introduction to CVE and its impact on SAP systems
- Examples of vulnerabilities in SAP CX products
- Conclusion
Summary
The following vulnerabilities have been identified in SAP CX components: CVE-2018-18984, CVE-2018-18988, CVE-2018-18993. They're all related to the SIP communication channel and may allow an attacker to execute arbitrary code on the targeted system.
Timeline
Published on: 10/06/2022 18:16:00 UTC
Last modified on: 10/06/2022 23:44:00 UTC