CVE-2018-2424
CVE-2018-2424 is a vulnerability of currently unknown severity. SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. EPSS estimates a 2.40% chance of exploitation in the next 30 days.
Description
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7.50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Hana Database | 1.00 |
| Sap | Hana Database | 2.00 |
| Sap | Ui | 2.0 |
| Sap | Ui | 7.40 |
| Sap | Ui | 7.50 |
| Sap | Ui | 7.51 |
| Sap | Ui | 7.52 |
| Sap | Ui5 | 1.00 |
| Sap | Ui5 Java | 7.30 |
| Sap | Ui5 Java | 7.31 |
| Sap | Ui5 Java | 7.40 |
| Sap | Ui5 Java | 7.50 |
References
- http://www.securityfocus.com/bid/104459 (Third Party Advisory, VDB Entry)
- https://launchpad.support.sap.com/#/notes/2538856 (Permissions Required, Vendor Advisory)
Source: NVD / NIST
