Vulnerability Description
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver | 7.30 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105326Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2644279Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993Vendor Advisory
- http://www.securityfocus.com/bid/105326Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2644279Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993Vendor Advisory
FAQ
What is CVE-2018-2462?
CVE-2018-2462 is a vulnerability with a CVSS score of 8.8 (HIGH). In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
How severe is CVE-2018-2462?
CVE-2018-2462 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-2462?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver.