PT-2018-15559 · SAP · SAP NetWeaver Enterprise Portal

Published: 2018-07-10 · Updated: 2018-09-05 · CVE-2018-2435

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Enterprise Portal versions 7.0 through 7.02
SAP NetWeaver Enterprise Portal version 7.11
SAP NetWeaver Enterprise Portal version 7.20
SAP NetWeaver Enterprise Portal version 7.30
SAP NetWeaver Enterprise Portal version 7.31
SAP NetWeaver Enterprise Portal version 7.40
SAP NetWeaver Enterprise Portal version 7.50

Description

The issue is related to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue.

Recommendations

For SAP NetWeaver Enterprise Portal versions 7.0 through 7.02, consider implementing proper input encoding to prevent XSS attacks.
For SAP NetWeaver Enterprise Portal version 7.11, ensure that all user-controlled inputs are sufficiently encoded.
For SAP NetWeaver Enterprise Portal version 7.20, apply proper encoding to user-controlled inputs.
For SAP NetWeaver Enterprise Portal version 7.30, validate and encode all user inputs.
For SAP NetWeaver Enterprise Portal version 7.31, implement input validation and encoding.
For SAP NetWeaver Enterprise Portal version 7.40, ensure proper encoding of user-controlled inputs.
For SAP NetWeaver Enterprise Portal version 7.50, apply input encoding to prevent XSS attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-2435

Affected Products

SAP NetWeaver Enterprise Portal