Vulnerability Description
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP HANA Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | HANA Database | 1.00 |
| SAP | UI | 2.0 |
| SAP | UI5 | 1.00 |
| SAP | UI5 Java | 7.30 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104459 (Third Party Advisory, VDB Entry)
- https://launchpad.support.sap.com/#/notes/2538856 (Permissions Required, Vendor Advisory)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255 (Vendor Advisory)
FAQ
What is CVE-2018-2424?
CVE-2018-2424 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software c...
How severe is CVE-2018-2424?
CVE-2018-2424 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-2424?
Check the references section above for vendor advisories and patch information. Affected products include: SAP HANA Database, SAP UI, SAP UI5, SAP UI5 Java.