CVE-2018-2470

Summary

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAPSAP NetWeaver Application Server for ABAPfrom 7.0 to 7.02affected
SAPSAP NetWeaver Application Server for ABAP7.30affected
SAPSAP NetWeaver Application Server for ABAP7.31affected
SAPSAP NetWeaver Application Server for ABAP7.40affected
SAPSAP NetWeaver Application Server for ABAPfrom 7.50 to 7.53affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References