The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103005 | Third Party Advisory VDB Entry |
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2560741 | Permissions Required |
Configurations
History
No history.
Information
Published : 2018-02-14 12:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-2371
Mitre link : CVE-2018-2371
CVE.ORG link : CVE-2018-2371
JSON object : View
Products Affected
sap
- netweaver_java_web_application
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')