Vulnerability CVE-2018-2492


Published: 2018-12-11

Description:
SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:P)

CVSS Base Score: 5.5/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

Affected software: SAP -> NetWeaver

 References:
http://www.securityfocus.com/bid/106153
https://launchpad.support.sap.com/#/notes/2642680
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699

Copyright 2024, cxsecurity.com

 
