CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-2452
https://notcve.org/view.php?id=CVE-2018-2452
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. La aplicación de inicio de sesión de SAP NetWeaver AS Java desde la versión 7.10 hasta la 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50, no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105325 https://launchpad.support.sap.com/#/notes/2623846 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2462
https://notcve.org/view.php?id=CVE-2018-2462
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. En ciertos casos, BEx Web Java Runtime Export Web Service en SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41 y 7.50 no valida lo suficiente un documento XML aceptado de una fuente no fiable. • http://www.securityfocus.com/bid/105326 https://launchpad.support.sap.com/#/notes/2644279 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2464
https://notcve.org/view.php?id=CVE-2018-2464
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. SAP WebDynpro Java 7.20, 7.30, 7.31, 7.40 y 7.50 no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/105308 https://launchpad.support.sap.com/#/notes/2679378 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2434
https://notcve.org/view.php?id=CVE-2018-2434
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. Una vulnerabilidad de suplantación de contenido en los siguentes componentes permite renderizar páginas HTML que contienen texto plano arbitrario, lo que podría engañar a un usuario final: UI add-on para SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation para Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51 y 7.52). No supone mucho impacto, ya que no es posible embeber contenido activo como JavaScript o hipervínculos. • http://www.securityfocus.com/bid/105088 https://launchpad.support.sap.com/#/notes/2633180 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-2435
https://notcve.org/view.php?id=CVE-2018-2435
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Enterprise Portal desde la versión 7.0 hasta la 7.02, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50, no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/104706 https://launchpad.support.sap.com/#/notes/2643126 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •