CVE-2018-2492

Severity
7.1 HIGH
EPSS
0.3%
top 46.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 11
Latest update: May 13

Description

SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Exploitability: 2.8 | Impact: 4.2

Affected Packages: 2 packages

Vulnerability Details (2)
GHSA
GHSA-p72f-5p6w-9jjp: SAML 2 (2022-05-13)
CVEList
CVE-2018-2492: SAML 2 (2018-12-11)