Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-2424

Опубликовано: 12 июн. 2018
Источник: nvd
CVSS3: 9.8
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:hana_database:1.00:*:*:*:*:*:*:*
cpe:2.3:a:sap:hana_database:2.00:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui:2.0:*:*:*:*:netweaver_7.0:*:*
cpe:2.3:a:sap:ui:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui:7.50:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui:7.51:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui:7.52:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui5:1.00:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui5_java:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui5_java:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui5_java:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui5_java:7.50:*:*:*:*:*:*:*

EPSS

Процентиль: 52%
0.00292
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

github логотип

GHSA-5q23-7rqm-g3pj

CVSS3: 7.5
github
больше 3 лет назад

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00

EPSS

Процентиль: 52%
0.00292
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20