PT-2018-15551 · Sap · Sap Ui5+3

Published: 2018-06-12 · Updated: 2019-10-09 · CVE-2018-2424

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP Hana Database versions 1.00 through 2.00
SAP UI5 version 1.00
SAP UI5 (Java) versions 7.30 through 7.50
SAP UI versions 7.40 through 7.52
SAP UI for SAP NetWeaver version 2.0

Description

The issue arises from the failure to validate user input before adding it to the DOM structure. This oversight may allow malicious user-provided JavaScript code to be added to the DOM, potentially leading to the theft of user information.

Recommendations

For SAP Hana Database versions 1.00 through 2.00, update to a version that includes input validation.
For SAP UI5 version 1.00, update to a version that includes input validation.
For SAP UI5 (Java) versions 7.30 through 7.50, update to a version that includes input validation.
For SAP UI versions 7.40 through 7.52, update to a version that includes input validation.
For SAP UI for SAP NetWeaver version 2.0, update to a version that includes input validation.

As a temporary workaround, consider restricting user input to prevent malicious code from being added to the DOM.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-2424

Affected Products

Sap Hana Database
Sap Netweaver
Sap Ui
Sap Ui5