Vulnerability Description
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
CVSS Score
7.1
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Application Server Java | 7.20 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106153Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2642680Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699Vendor Advisory
- http://www.securityfocus.com/bid/106153Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2642680Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699Vendor Advisory
FAQ
What is CVE-2018-2492?
CVE-2018-2492 is a vulnerability with a CVSS score of 7.1 (HIGH). SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
How severe is CVE-2018-2492?
CVE-2018-2492 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-2492?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Application Server Java.