SAML 2.0 Vulnerability in SAP NetWeaver AS Java Affects Security of XML Document Validation
CVE-2018-2492

7.1HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server (java Library)
Vendor: CVE Published:; 11 December 2018

Summary

The SAML 2.0 functionality in SAP NetWeaver AS Java fails to adequately validate XML documents originating from untrusted sources. This flaw could potentially allow an attacker to exploit the system, leading to various security risks. SAP has addressed this issue in versions 7.2, 7.30, 7.31, 7.40, and 7.50 to improve security and safeguard against unauthorized access.

Affected Version(s)

SAP NetWeaver Application Server (Java Library) = 7.20 = 7.20

SAP NetWeaver Application Server (Java Library) = 7.30 = 7.30

SAP NetWeaver Application Server (Java Library) = 7.31 = 7.31

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2642680

x_refsource_MISC

http://www.securityfocus.com/bid/106153

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2018
Vulnerability Reserved
Dec 15, 2017

.

🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.