CVE-2018-2492

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java versions prior to 7.2 SAP NetWeaver AS Java versions prior to 7.30 SAP NetWeaver AS Java versions prior to 7.31 SAP NetWeaver AS Java versions prior to 7.40 SAP NetWeaver AS Java versions prior to 7.50

Description: The issue exists due to insufficient validation of input data in the SAP NetWeaver platform. This can be exploited by a remote attacker to cause a denial of service. Specifically, the SAML 2.0 functionality does not sufficiently validate XML documents received from an untrusted source.

Recommendations: For versions prior to 7.2, update to version 7.2 or later. For versions prior to 7.30, update to version 7.30 or later. For versions prior to 7.31, update to version 7.31 or later. For versions prior to 7.40, update to version 7.40 or later. For versions prior to 7.50, update to version 7.50 or later.