Vulnerability Description
SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability.
CVSS Score
5.4
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redwood | Sap Business Process Automation | 9.00 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103374Third Party AdvisoryVDB Entry
- https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2596766Permissions Required
- http://www.securityfocus.com/bid/103374Third Party AdvisoryVDB Entry
- https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2596766Permissions Required
FAQ
What is CVE-2018-2401?
CVE-2018-2401 is a vulnerability with a CVSS score of 5.4 (MEDIUM). SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability.
How severe is CVE-2018-2401?
CVE-2018-2401 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-2401?
Check the references section above for vendor advisories and patch information. Affected products include: Redwood Sap Business Process Automation.