Search
Find a vulnerability
Search criteria
2 vulnerabilities found for SAP NetWeaver Application Server (Java Library) by SAP
CVE-2018-2492 (GCVE-0-2018-2492)
Vulnerability from cvelistv5 – Published: 2018-12-11 23:00 – Updated: 2024-08-05 04:21
VLAI
EPSS
VEX
Summary
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
Severity
No CVSS data available.
CWE
- Missing XML Validation
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2642680 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106153 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | SAP NetWeaver Application Server (Java Library) |
Affected:
= 7.20
Affected: = 7.30 Affected: = 7.31 Affected: = 7.50 |
Date Public
2018-12-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:34.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2642680"
},
{
"name": "106153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver Application Server (Java Library)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 7.20"
},
{
"status": "affected",
"version": "= 7.30"
},
{
"status": "affected",
"version": "= 7.31"
},
{
"status": "affected",
"version": "= 7.50"
}
]
}
],
"datePublic": "2018-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing XML Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2642680"
},
{
"name": "106153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Application Server (Java Library)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "7.20"
},
{
"version_name": "=",
"version_value": "7.30"
},
{
"version_name": "=",
"version_value": "7.31"
},
{
"version_name": "=",
"version_value": "7.50"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing XML Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2642680",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2642680"
},
{
"name": "106153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2492",
"datePublished": "2018-12-11T23:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:34.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2492 (GCVE-0-2018-2492)
Vulnerability from nvd – Published: 2018-12-11 23:00 – Updated: 2024-08-05 04:21
VLAI
EPSS
VEX
Summary
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
Severity
No CVSS data available.
CWE
- Missing XML Validation
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2642680 | x_refsource_MISC |
| http://www.securityfocus.com/bid/106153 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | SAP NetWeaver Application Server (Java Library) |
Affected:
= 7.20
Affected: = 7.30 Affected: = 7.31 Affected: = 7.50 |
Date Public
2018-12-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:34.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2642680"
},
{
"name": "106153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver Application Server (Java Library)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 7.20"
},
{
"status": "affected",
"version": "= 7.30"
},
{
"status": "affected",
"version": "= 7.31"
},
{
"status": "affected",
"version": "= 7.50"
}
]
}
],
"datePublic": "2018-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing XML Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2642680"
},
{
"name": "106153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Application Server (Java Library)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "7.20"
},
{
"version_name": "=",
"version_value": "7.30"
},
{
"version_name": "=",
"version_value": "7.31"
},
{
"version_name": "=",
"version_value": "7.50"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing XML Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2642680",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2642680"
},
{
"name": "106153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2492",
"datePublished": "2018-12-11T23:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:34.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}