CVE-2018-2492
N/A
N/A
Summary
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP | SAP NetWeaver Application Server (Java Library) | = 7.20 | affected |
| SAP | SAP NetWeaver Application Server (Java Library) | = 7.30 | affected |
| SAP | SAP NetWeaver Application Server (Java Library) | = 7.31 | affected |
| SAP | SAP NetWeaver Application Server (Java Library) | = 7.50 | affected |
Weaknesses
- Missing XML Validation
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
- https://launchpad.support.sap.com/#/notes/2642680
- http://www.securityfocus.com/bid/106153
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
- https://launchpad.support.sap.com/#/notes/2642680
- http://www.securityfocus.com/bid/106153
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.