CVE-2018-2492

high

Description

SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699

https://launchpad.support.sap.com/#/notes/2642680

http://www.securityfocus.com/bid/106153

Details

Source: Mitre, NVD

Published: 2018-12-11

Updated: 2021-04-20

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Severity: High

Detections

Analytics