CVE-2018-2492 - XXE vulnerability in SAP NetWeaver Application Server Java
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: HIGH
Summary
SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/106153
- https://launchpad.support.sap.com/#/notes/2642680
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699