Unrated severityNVD Advisory· Published Jul 10, 2018· Updated Aug 5, 2024

CVE-2018-2434

Description

A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks.

Affected products

SAP/SAP User Interface Technologyllm-create2 versions
>=7.4, <=7.52+ 1 more
- (no CPE)range: >=7.4, <=7.52
- (no CPE)range: = 7.4
SAP/SAP UI Implementation for Decoupled Innovationsllm-create2 versions
= 2.0+ 1 more
- (no CPE)range: = 2.0
- (no CPE)range: = 2.0
SAP/Netweaverllm-fuzzy3 versions
(expand)+ 2 more
- (no CPE)
- (no CPE)range: = 7.0
- (no CPE)range: = 1.0

Patches

Vulnerability mechanics

References

www.securityfocus.com/bid/105088mitrevdb-entryx_refsource_BID
launchpad.support.sap.commitrex_refsource_MISC
wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000