CVE-2018-2492

7.1HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server (java Library)
Vendor: CVE Published:; 11 December 2018

Summary

SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.

Affected Version(s)

SAP NetWeaver Application Server (Java Library) = 7.20 = 7.20

SAP NetWeaver Application Server (Java Library) = 7.30 = 7.30

SAP NetWeaver Application Server (Java Library) = 7.31 = 7.31

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2642680

x_refsource_MISC

http://www.securityfocus.com/bid/106153

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2018
Vulnerability Reserved
Dec 15, 2017