CVE-2018-2477

Summary

Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.

Affected Software

VendorProductVersion RangeStatus
SAPKnowledge Management (XMLForms) in SAP NetWeaver= 7.30affected
SAPKnowledge Management (XMLForms) in SAP NetWeaver= 7.31affected
SAPKnowledge Management (XMLForms) in SAP NetWeaver= 7.40affected
SAPKnowledge Management (XMLForms) in SAP NetWeaver= 7.50affected

Weaknesses

  • Missing XML Validation

ADP Enrichment

CVE Program Container

Additional References

References