Vulnerability Details : CVE-2018-2434
A content spoofing vulnerability in the following components allows HTML pages containing arbitrary plain-text content to be rendered, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact, as it is not possible to embed active content such as JavaScript or hyperlinks.
Exploit prediction scoring system (EPSS) score for CVE-2018-2434
Probability of exploitation activity in the next 30 days: 0.14%
Percentile (the proportion of vulnerabilities scored at or below this score): ~49%
CVSS scores for CVE-2018-2434
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST |
CWE ids for CVE-2018-2434
- The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2018-2434
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 : SAP Security Patch Day – July 2018 - Product Security Response at SAP - SCN Wiki (Vendor Advisory)
- https://launchpad.support.sap.com/#/notes/2633180 : SAP ONE Support Launchpad: Log On (Permissions Required; Vendor Advisory)
- http://www.securityfocus.com/bid/105088 : SAP User Interface Technology CVE-2018-2434 Unspecified Content Spoofing Vulnerability (Third Party Advisory; VDB Entry)
Products affected by CVE-2018-2434
- cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sap:ui_infra:1.0:*:*:*:*:netweaver:*:*
- cpe:2.3:a:sap:user_interface_technology:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:sap:user_interface_technology:7.51:*:*:*:*:*:*:*
- cpe:2.3:a:sap:user_interface_technology:7.52:*:*:*:*:*:*:*
- cpe:2.3:a:sap:user_interface_technology:7.4:*:*:*:*:*:*:*