PT-2018-15558 · SAP · SAP NetWeaver +2

Published: 2018-07-10 · Updated: 2019-10-03 · CVE-2018-2434

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver versions 7.00, 7.4, 7.5, 7.51, 7.52
UI add-on for SAP NetWeaver version 1.0
SAP UI Implementation for Decoupled Innovations version 2.0

Description

A content spoofing issue in certain SAP components allows rendering of HTML pages with arbitrary plain text, potentially deceiving end users. However, the impact is limited as it does not permit embedding active content like JavaScript or hyperlinks.

Recommendations

For SAP NetWeaver versions 7.00, 7.4, 7.5, 7.51, 7.52, consider restricting access to the UI add-on for SAP NetWeaver and SAP UI Implementation for Decoupled Innovations until a fix is available. For UI add-on for SAP NetWeaver version 1.0, restrict the use of the affected UI components to minimize the risk of exploitation. For SAP UI Implementation for Decoupled Innovations version 2.0, avoid using the vulnerable implementation in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity


Weakness Enumeration

Related identifiers

CVE-2018-2434

Affected products

SAP NetWeaver
SAP UI Implementation for Decoupled Innovations
UI add-on for SAP NetWeaver