← Back

CVE-2018-2424

nvd nist
Published: Jun 12, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00

Affected (12)

Sap
4 products
Hana Database
Ui
Ui5
Ui5 Java
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Hana Database
Version 1.00
Hana Database
Version 2.00
Sap
Ui
Version 2.0
Ui
Version 7.40
Ui
Version 7.50
Ui
Version 7.51
Ui
Version 7.52
Ui5
Version 1.00
Sap
Ui5 Java
Version 7.30
Ui5 Java
Version 7.31
Ui5 Java
Version 7.40
Ui5 Java
Version 7.50

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

Source: cna@sap.com
Third Party AdvisoryVDB Entry
Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.