CVE-2018-2504

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java Web Container service versions prior to 7.10 SAP NetWeaver AS Java Web Container service versions prior to 7.11 SAP NetWeaver AS Java Web Container service versions prior to 7.20 SAP NetWeaver AS Java Web Container service versions prior to 7.30 SAP NetWeaver AS Java Web Container service versions prior to 7.31 SAP NetWeaver AS Java Web Container service versions prior to 7.40 SAP NetWeaver AS Java Web Container service versions prior to 7.50

Description: The issue is related to the lack of input validation in the SAP NetWeaver AS Java Web Container service, which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) attacks. This can allow a remote attacker to perform cross-site scripting attacks.

Recommendations: For versions prior to 7.10, update to version 7.10 or later. For versions prior to 7.11, update to version 7.11 or later. For versions prior to 7.20, update to version 7.20 or later. For versions prior to 7.30, update to version 7.30 or later. For versions prior to 7.31, update to version 7.31 or later. For versions prior to 7.40, update to version 7.40 or later. For versions prior to 7.50, update to version 7.50 or later.