Content Spoofing Vulnerability in SAP NetWeaver and UI Technology
CVE-2018-2434
4.3MEDIUM
Key Information:
- Vendor
SAP
- Status
- Vendor
- CVE Published:
- 10 July 2018
What is CVE-2018-2434?
A content spoofing issue exists in multiple components of the SAP NetWeaver platform, which can render HTML pages with arbitrary plain text content. This can mislead users, as they may perceive manipulated information as legitimate. The vulnerability is present in several implementations, including UI add-ons and versions of SAP User Interface Technology, but does not allow for the embedding of active content such as JavaScript or hyperlinks, minimizing immediate exploitation risks.
Affected Version(s)
SAP NetWeaver = 7.0
SAP NetWeaver (UI_Infra) = 1.0
SAP UI Implementation for Decoupled Innovations (UI_700) = 2.0