CVE-2018-2452

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.6%
top 31.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SAP Netweaver AS JavaSAP Netweaver Application Server Java
Timeline
PublishedSep 11
Latest updateMay 13

Description

The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5sap/sap_netweaver_as_java6 versions+5
NVDsap/netweaver_application7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-36v3-g68p-4xm4: The logon application of SAP NetWeaver AS Java 72022-05-13
CVEList
CVE-2018-2452: The logon application of SAP NetWeaver AS Java 72018-09-11
CVE-2018-2452 (MEDIUM CVSS 6.1) | The logon application of SAP NetWea | cvebase.io