CVE-2018-2492

Summary

SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.

Affected Software

VendorProductVersion RangeStatus
SAPSAP NetWeaver Application Server (Java Library)= 7.20affected
SAPSAP NetWeaver Application Server (Java Library)= 7.30affected
SAPSAP NetWeaver Application Server (Java Library)= 7.31affected
SAPSAP NetWeaver Application Server (Java Library)= 7.50affected

Weaknesses

  • Missing XML Validation

ADP Enrichment

CVE Program Container

Additional References

References