PT-2018-1589 · Sap · Sap Netweaver
Published
2018-09-11
·
Updated
2018-11-26
·
CVE-2018-2462
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver BI versions 7.30 through 7.50
Description
The issue is related to the BEx Web Java Runtime Export Web Service in SAP NetWeaver BI, which does not sufficiently validate an XML document accepted from an untrusted source. The parser does not restrict XML external entity references (XXE), so a remote attacker could potentially read from the file system or cause a denial of service.
Recommendations
For SAP NetWeaver BI versions 7.30 through 7.50, consider restricting access to the BEx Web Java Runtime Export Web Service until a fix is available, and ensure proper validation of XML documents from untrusted sources to prevent potential exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
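The parser hardening the recommendation calls for, shown as an added example that is not part of this advisory or of SAP's own code: a weak JAXP configuration beside a hardened one, checked against a constructed document carrying an external entity whose SYSTEM identifier is a placeholder.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import java.io.IOException;
import java.io.StringReader;

public class XxeHardening {

    // Constructed sample of the document class an export service must refuse.
    // The SYSTEM identifier is a placeholder, not a real path.
    static final String SAMPLE_WITH_EXTERNAL_ENTITY =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE export [ <!ENTITY ext SYSTEM \"file:///PLACEHOLDER\"> ]>\n" +
        "<export>&ext;</export>";

    // Weak configuration: JAXP defaults resolve DTDs and external entities.
    static DocumentBuilder weakBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened configuration: refuse any DOCTYPE, so no entity declarations,
    // no external DTD fetches and no entity-expansion denial of service.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that do not honour disallow-doctype-decl:
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    // Classifies what a builder does with untrusted input; "rejected" is the only safe outcome.
    static String outcome(DocumentBuilder builder, String xml) {
        try {
            builder.parse(new InputSource(new StringReader(xml)));
            return "parsed";                   // entity resolved and inlined into the DOM
        } catch (SAXException e) {
            return "rejected";                 // DOCTYPE refused before any resolution
        } catch (IOException e) {
            return "attempted external fetch"; // parser tried to open the SYSTEM identifier
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("weak:     " + outcome(weakBuilder(), SAMPLE_WITH_EXTERNAL_ENTITY));
        System.out.println("hardened: " + outcome(hardenedBuilder(), SAMPLE_WITH_EXTERNAL_ENTITY));
    }
}
```

The same features apply to SAXParserFactory and XMLInputFactory; a service that parses with a different API must apply the equivalent switches there.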
XXE
RCE
Affected Products
Sap Netweaver