| Vulnerability Name: | CVE-2018-2464 (CCN-149853) | ||||||||||||
| Assigned: | 2017-12-15 | ||||||||||||
| Published: | 2018-09-11 | ||||||||||||
| Updated: | 2018-11-09 | ||||||||||||
| Summary: | SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | ||||||||||||
| CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-2464 Source: BID Type: Third Party Advisory, VDB Entry 105308 Source: CCN Type: BID-105308 SAP NetWeaver WebDynpro Java CVE-2018-2464 Cross Site Scripting Vulnerability Source: XF Type: UNKNOWN sap-cve20182464-xss(149853) Source: CCN Type: SAP Web site SAP Support Note 2679378 Source: MISC Type: Permissions Required, Vendor Advisory https://launchpad.support.sap.com/#/notes/2679378 Source: CCN Type: SAP Security Patch Day September 2018 SAP Security Patch Day September 2018 Source: CONFIRM Type: Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||