CVE-2018-2428

4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 56.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

5

SAP SE SAP Infrastructure SAP SE SAP UI SAP SE SAP UI FOR SAP Netweaver 7.00 +2 more

Timeline

PublishedJun 12

Latest updateMay 13

Description

Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶NVDsap/infrastructure1.0

▶CVEListV5sap_se/sap_infrastructure1.0

▶CVEListV5sap_se/sap_ui_for_sap_netweaver_7.002.0

▶NVDsap/ui5 versions+4

▶CVEListV5sap_se/sap_ui4 versions+3

🔴Vulnerability Details

2

GHSA

GHSA-mw4m-pqh2-36x9: Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted↗2022-05-13

▶

CVEList

CVE-2018-2428: Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted↗2018-06-12

▶

💬Community

1

Bugzilla

CVE-2018-10912 keycloak: infinite loop in session replacement leading to denial of service↗2018-07-23

▶

CVE-2018-2428 (MEDIUM CVSS 5.3) | Under certain conditions SAP UI5 Ha | cvebase.io