CVE-2018-2462Improper Input Validation in SAP Netweaver BI

CWE-20Improper Input Validation4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 30.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Netweaver BISAP Netweaver
Timeline
PublishedSep 11
Latest updateMay 14

Description

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDsap/netweaver5 versions+4
CVEListV5sap/sap_netweaver_bi5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-9w9j-vv88-g8fw: In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 72022-05-14
CVEList
CVE-2018-2462: In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 72018-09-11

💬Community

1
Bugzilla
CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)2019-08-02
CVE-2018-2462 — Improper Input Validation in SAP | cvebase