PT-2018-3536 · Sap · Sap Netweaver As Java
Publicado
2018-12-11
·
Atualizado
2021-04-20
·
CVE-2018-2492
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:S/C:N/I:P/A:C |
Name of the Vulnerable Software and Affected Versions:
SAP NetWeaver AS Java versions prior to 7.2
SAP NetWeaver AS Java versions prior to 7.30
SAP NetWeaver AS Java versions prior to 7.31
SAP NetWeaver AS Java versions prior to 7.40
SAP NetWeaver AS Java versions prior to 7.50
Description:
The issue exists due to insufficient validation of input data in the SAP NetWeaver platform. This can be exploited by a remote attacker to cause a denial of service. Specifically, the SAML 2.0 functionality does not sufficiently validate XML documents received from an untrusted source.
Recommendations:
For versions prior to 7.2, update to version 7.2 or later.
For versions prior to 7.30, update to version 7.30 or later.
For versions prior to 7.31, update to version 7.31 or later.
For versions prior to 7.40, update to version 7.40 or later.
For versions prior to 7.50, update to version 7.50 or later.
Correção
XXE
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Sap Netweaver As Java