VYPR

NetWeaver AS Java Web Container

by SAP

CVEs (1)

  • CVE-2018-2504MedDec 11, 2018
    risk 0.40cvss 6.1epss 0.01

    SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50.