VYPR
Unrated severity · NVD Advisory · Published Dec 11, 2018 · Updated Aug 5, 2024

CVE-2018-2504

Description

The SAP NetWeaver AS Java Web Container service does not validate the HTTP Host header against a whitelist, which can result in HTTP Host Header Manipulation or a Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.

Affected products

  • SAP/Netweaver As Java (2 versions)
    • (no CPE) range: 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
    • (no CPE) range: = 7.10
