CVE-2018-2434

Severity Score

4.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks.

Una vulnerabilidad de suplantación de contenido en los siguentes componentes permite renderizar páginas HTML que contienen texto plano arbitrario, lo que podría engañar a un usuario final: UI add-on para SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation para Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51 y 7.52). No supone mucho impacto, ya que no es posible embeber contenido activo como JavaScript o hipervínculos.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-12-15 CVE Reserved
2018-07-10 CVE Published
2023-12-01 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-345: Insufficient Verification of Data Authenticity

CAPEC

References (2)

URL	Tag	Source
http://www.securityfocus.com/bid/105088	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000	2019-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sap Search vendor "Sap"		Netweaver Search vendor "Sap" for product "Netweaver"				7.0 Search vendor "Sap" for product "Netweaver" and version "7.0"		-		Affected
Sap Search vendor "Sap"		Ui Infra Search vendor "Sap" for product "Ui Infra"				1.0 Search vendor "Sap" for product "Ui Infra" and version "1.0"		netweaver		Affected
Sap Search vendor "Sap"		User Interface Technology Search vendor "Sap" for product "User Interface Technology"				7.4 Search vendor "Sap" for product "User Interface Technology" and version "7.4"		-		Affected
Sap Search vendor "Sap"		User Interface Technology Search vendor "Sap" for product "User Interface Technology"				7.5 Search vendor "Sap" for product "User Interface Technology" and version "7.5"		-		Affected
Sap Search vendor "Sap"		User Interface Technology Search vendor "Sap" for product "User Interface Technology"				7.51 Search vendor "Sap" for product "User Interface Technology" and version "7.51"		-		Affected
Sap Search vendor "Sap"		User Interface Technology Search vendor "Sap" for product "User Interface Technology"				7.52 Search vendor "Sap" for product "User Interface Technology" and version "7.52"		-		Affected