VYPR
Medium severity6.1NVD Advisory· Published Sep 11, 2018· Updated Jun 17, 2026

CVE-2018-2452

CVE-2018-2452

Description

The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.

Affected products

2
  • SAP/Netweaver As Javallm-fuzzy2 versions
    7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50+ 1 more
    • (no CPE)range: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
    • (no CPE)range: = 7.10 to 7.11

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.