All the vulnerabilites related to SAP - SAP NetWeaver BI
cve-2018-2462
Vulnerability from cvelistv5
Published
2018-09-11 15:00
Modified
2024-08-05 04:21
Severity ?
Summary
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
References
https://launchpad.support.sap.com/#/notes/2644279x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993x_refsource_CONFIRM
http://www.securityfocus.com/bid/105326vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:33.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2644279"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
          },
          {
            "name": "105326",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105326"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver BI",
          "vendor": "SAP",
          "versions": [
            {
              "status": "affected",
              "version": "= 7.30"
            },
            {
              "status": "affected",
              "version": "= 7.31"
            },
            {
              "status": "affected",
              "version": "= 7.40"
            },
            {
              "status": "affected",
              "version": "= 7.41"
            },
            {
              "status": "affected",
              "version": "= 7.50"
            }
          ]
        }
      ],
      "datePublic": "2018-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XML Validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-13T09:57:01",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2644279"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
        },
        {
          "name": "105326",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105326"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2018-2462",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver BI",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "=",
                            "version_value": "7.30"
                          },
                          {
                            "version_name": "=",
                            "version_value": "7.31"
                          },
                          {
                            "version_name": "=",
                            "version_value": "7.40"
                          },
                          {
                            "version_name": "=",
                            "version_value": "7.41"
                          },
                          {
                            "version_name": "=",
                            "version_value": "7.50"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XML Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/2644279",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2644279"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993",
              "refsource": "CONFIRM",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
            },
            {
              "name": "105326",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105326"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2018-2462",
    "datePublished": "2018-09-11T15:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-08-05T04:21:33.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}