CVE-2018-2492
published 2018-12-11CVE-2018-2492: SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2…
high7.1CVSS 3.1
AVNACLPRLUINSUCNILAH
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | netweaver_application_server_java | — | — |
| sap | sap_netweaver_application_server | — | — |
| sap | sap_netweaver_application_server | — | — |
| sap | sap_netweaver_application_server | — | — |
| sap | sap_netweaver_application_server | — | — |