CVE-2018-2462
https://notcve.org/view.php?id=CVE-2018-2462
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. En ciertos casos, BEx Web Java Runtime Export Web Service en SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41 y 7.50 no valida lo suficiente un documento XML aceptado de una fuente no fiable. • http://www.securityfocus.com/bid/105326 https://launchpad.support.sap.com/#/notes/2644279 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-20: Improper Input Validation •
CVE-2018-2464
https://notcve.org/view.php?id=CVE-2018-2464
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. SAP WebDynpro Java 7.20, 7.30, 7.31, 7.40 y 7.50 no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/105308 https://launchpad.support.sap.com/#/notes/2679378 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2435
https://notcve.org/view.php?id=CVE-2018-2435
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Enterprise Portal desde la versión 7.0 hasta la 7.02, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50, no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/104706 https://launchpad.support.sap.com/#/notes/2643126 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2415
https://notcve.org/view.php?id=CVE-2018-2415
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed. Java Web Container y HTTP Service en SAP NetWeaver Application Server (Engine API, de la versión 7.10 a la 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40 y 7.50) no cifran lo suficiente entradas controladas por el usuario, lo que resulta en una vulnerabilidad de suplantación de contenido cuando se muestran páginas de error. • http://www.securityfocus.com/bid/104130 https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018 https://launchpad.support.sap.com/#/notes/2550202 • CWE-172: Encoding Error •
CVE-2018-2365
https://notcve.org/view.php?id=CVE-2018-2365
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Portal y WebDynpro Java 7.30, 7.31, 7.40 y 7.50, no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/102999 https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2547977 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •