SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/106153 | Third Party Advisory VDB Entry |
| https://launchpad.support.sap.com/#/notes/2642680 | Permissions Required |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Apr 2021, 19:21
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:* |
cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:* |
| CWE | CWE-611 |
Information
Published : 2018-12-11 22:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-2492
Mitre link : CVE-2018-2492
CVE.ORG link : CVE-2018-2492
JSON object : View
Products Affected
sap
- netweaver_application_server_java
CWE
CWE-611
Improper Restriction of XML External Entity Reference