CVE-2018-2462

Summary

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.

Affected Software

VendorProductVersion RangeStatus
SAPSAP NetWeaver BI= 7.30affected
SAPSAP NetWeaver BI= 7.31affected
SAPSAP NetWeaver BI= 7.40affected
SAPSAP NetWeaver BI= 7.41affected
SAPSAP NetWeaver BI= 7.50affected

Weaknesses

  • XML Validation

ADP Enrichment

CVE Program Container

Additional References

References