cnvd - cnvd-2018-11475

CNVD-2018-11475

Vulnerability from cnvd - Published: 2018-06-14

Title

SAP Hana DB、UI5和UI跨站脚本漏洞

Description

SAP Hana DB、UI5和UI都是德国思爱普（SAP）公司的产品。SAP Hana DB是一个基于行和列的内存数据库。UI5和UI都是基于JavaScript的UI库，它集成了大量的UI控件。 SAP Hana DB、UI5和UI中存在安全漏洞，该漏洞源于程序在将用户输入添加到DOM框架之前未能验证该输入。攻击者可利用该漏洞向DOM中添加恶意的JavaScript代码，窃取用户信息。

Severity

中

Patch Name

SAP Hana DB、UI5和UI跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255

Impacted products

Name
['SAP UI 7.51', 'SAP UI ，7.52', 'SAP UI 2.0', 'SAP Hana Database 1.00', 'SAP Hana Database 2.00', 'SAP UI5 1.00', 'SAP UI5(Java) 7.30', 'SAP UI5(Java) 7.31', 'SAP UI5(Java) 7.40', 'SAP UI5(Java) 7.50', 'SAP UI 7.40', 'SAP UI 7.50']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-2424"
    }
  },
  "description": "SAP Hana DB\u3001UI5\u548cUI\u90fd\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SAP Hana DB\u662f\u4e00\u4e2a\u57fa\u4e8e\u884c\u548c\u5217\u7684\u5185\u5b58\u6570\u636e\u5e93\u3002UI5\u548cUI\u90fd\u662f\u57fa\u4e8eJavaScript\u7684UI\u5e93\uff0c\u5b83\u96c6\u6210\u4e86\u5927\u91cf\u7684UI\u63a7\u4ef6\u3002\r\n\r\nSAP Hana DB\u3001UI5\u548cUI\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728\u5c06\u7528\u6237\u8f93\u5165\u6dfb\u52a0\u5230DOM\u6846\u67b6\u4e4b\u524d\u672a\u80fd\u9a8c\u8bc1\u8be5\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411DOM\u4e2d\u6dfb\u52a0\u6076\u610f\u7684JavaScript\u4ee3\u7801\uff0c\u7a83\u53d6\u7528\u6237\u4fe1\u606f\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11475",
  "openTime": "2018-06-14",
  "patchDescription": "SAP Hana DB\u3001UI5\u548cUI\u90fd\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SAP Hana DB\u662f\u4e00\u4e2a\u57fa\u4e8e\u884c\u548c\u5217\u7684\u5185\u5b58\u6570\u636e\u5e93\u3002UI5\u548cUI\u90fd\u662f\u57fa\u4e8eJavaScript\u7684UI\u5e93\uff0c\u5b83\u96c6\u6210\u4e86\u5927\u91cf\u7684UI\u63a7\u4ef6\u3002\r\n\r\nSAP Hana DB\u3001UI5\u548cUI\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728\u5c06\u7528\u6237\u8f93\u5165\u6dfb\u52a0\u5230DOM\u6846\u67b6\u4e4b\u524d\u672a\u80fd\u9a8c\u8bc1\u8be5\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411DOM\u4e2d\u6dfb\u52a0\u6076\u610f\u7684JavaScript\u4ee3\u7801\uff0c\u7a83\u53d6\u7528\u6237\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Hana DB\u3001UI5\u548cUI\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP UI 7.51",
      "SAP UI \uff0c7.52",
      "SAP UI 2.0",
      "SAP Hana Database 1.00",
      "SAP Hana Database 2.00",
      "SAP UI5 1.00",
      "SAP UI5(Java) 7.30",
      "SAP UI5(Java) 7.31",
      "SAP UI5(Java) 7.40",
      "SAP UI5(Java) 7.50",
      "SAP UI 7.40",
      "SAP UI 7.50"
    ]
  },
  "referenceLink": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-14",
  "title": "SAP Hana DB\u3001UI5\u548cUI\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2018-2424 (GCVE-0-2018-2424)

Vulnerability from cvelistv5 – Published: 2018-06-12 15:00 – Updated: 2024-08-05 04:21

Summary

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Cross-Site Scripting

Assigner

sap

References

URL

Tags

	https://launchpad.support.sap.com/#/notes/2538856	x_refsource_MISC
	http://www.securityfocus.com/bid/104459	vdb-entryx_refsource_BID
	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

SAP SE

SAP HANA Database

Affected: 1.0
Affected: 2.0

SAP SE	SAP UI5	Affected: 1.0
SAP SE	SAP UI5(Java)	Affected: 7.3 Affected: 7.31 Affected: 7.40 Affected: 7.50
SAP SE	SAP UI	Affected: 7.40 Affected: 7.50 Affected: 7.51 Affected: 7.52
SAP SE	SAP UI for SAP NetWeaver 7.00	Affected: 2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:33.271Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2538856"
          },
          {
            "name": "104459",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104459"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP HANA Database",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "SAP UI5",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        },
        {
          "product": "SAP UI5(Java)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "7.3"
            },
            {
              "status": "affected",
              "version": "7.31"
            },
            {
              "status": "affected",
              "version": "7.40"
            },
            {
              "status": "affected",
              "version": "7.50"
            }
          ]
        },
        {
          "product": "SAP UI",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "7.40"
            },
            {
              "status": "affected",
              "version": "7.50"
            },
            {
              "status": "affected",
              "version": "7.51"
            },
            {
              "status": "affected",
              "version": "7.52"
            }
          ]
        },
        {
          "product": "SAP UI for SAP NetWeaver 7.00",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        }
      ],
      "datePublic": "2018-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-15T09:57:01",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2538856"
        },
        {
          "name": "104459",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104459"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2018-2424",
          "STATE": "PUBLIC",
          "vendor_name": "SAP SE"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP HANA Database",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP UI5",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP UI5(Java)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "7.3"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.31"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.40"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.50"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP UI",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "7.40"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.50"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.51"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.52"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP UI for SAP NetWeaver 7.00",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/2538856",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2538856"
            },
            {
              "name": "104459",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104459"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255",
              "refsource": "CONFIRM",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2018-2424",
    "datePublished": "2018-06-12T15:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-08-05T04:21:33.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-11475

CVE-2018-2424 (GCVE-0-2018-2424)

Tags

Sightings

Nomenclature