CVE-2018-2464 — Cross-site Scripting in SAP Webdynpro

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 38.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Webdynpro SAP Netweaver

Timeline

PublishedSep 11

Latest updateMay 14

Description

SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap/sap_webdynpro5 versions+4

▶NVDsap/netweaver5 versions+4

🔴Vulnerability Details

GHSA

GHSA-wxc4-mxg9-7792: SAP WebDynpro Java, versions 7↗2022-05-14

▶

CVEList

CVE-2018-2464: SAP WebDynpro Java, versions 7↗2018-09-11

▶