User Input Validation Flaw in SAP UI5 and Related Components
CVE-2018-2424
9.8CRITICAL
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 12 June 2018
What is CVE-2018-2424?
The vulnerability in SAP UI5 arises from the lack of proper validation of user input before it is incorporated into the Document Object Model (DOM). This oversight allows attackers to insert malicious JavaScript code that could potentially exfiltrate sensitive user information. The impact of this vulnerability is heightened due to its presence in multiple SAP components, including SAP Hana Database and various versions of SAP UI5 and UI.
Affected Version(s)
SAP HANA Database 1.0
SAP HANA Database 2.0
SAP UI 7.40