CVE-2018-2424

Summary

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00

Affected Software

VendorProductVersion RangeStatus
SAP SESAP HANA Database1.0affected
SAP SESAP HANA Database2.0affected
SAP SESAP UI51.0affected
SAP SESAP UI5(Java)7.3affected
SAP SESAP UI5(Java)7.31affected
SAP SESAP UI5(Java)7.40affected
SAP SESAP UI5(Java)7.50affected
SAP SESAP UI7.40affected
SAP SESAP UI7.50affected
SAP SESAP UI7.51affected
SAP SESAP UI7.52affected
SAP SESAP UI for SAP NetWeaver 7.002.0affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References