CVE-2018-2415

🗓️ 09 May 2018 20:00:00Reported by sapType

SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API) version 7.10 to 7.50 is prone to content spoofing via inadequate user input encoding

Reporter	Title	Published	Views	Family All 6
CNVD	Unspecified Content Spoofing Vulnerability in SAP NetWeaver Application Server Java Web Container and HTTP Service	22 May 201800:00	–	cnvd
Cvelist	CVE-2018-2415	9 May 201820:00	–	cvelist
EUVD	EUVD-2018-14270	7 Oct 202500:30	–	euvd
NVD	CVE-2018-2415	9 May 201820:29	–	nvd
OSV	CVE-2018-2415	9 May 201820:29	–	osv
Prion	Spoofing	9 May 201820:29	–	prion

NVD

Vulners

Node

sap netweaver_java_web_container_and_http_service_engineMatch7.10

sap netweaver_java_web_container_and_http_service_engineMatch7.11

sap netweaver_java_web_container_and_http_service_engineMatch7.30

sap netweaver_java_web_container_and_http_service_engineMatch7.31

sap netweaver_java_web_container_and_http_service_engineMatch7.40

sap netweaver_java_web_container_and_http_service_engineMatch7.50

Node

sap j2ee_engine_server_coreMatch7.11

sap j2ee_engine_server_coreMatch7.30

sap j2ee_engine_server_coreMatch7.31

sap j2ee_engine_server_coreMatch7.40

sap j2ee_engine_server_coreMatch7.50

[
  {
    "product": "SAP NetWeaver Application Server (Engine API)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "from 7.10 to 7.11"
      },
      {
        "status": "affected",
        "version": "7.30"
      },
      {
        "status": "affected",
        "version": "7.31"
      },
      {
        "status": "affected",
        "version": "7.40"
      },
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  },
  {
    "product": "SAP NetWeaver Application Server (J2EE Engine Server Core)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.11"
      },
      {
        "status": "affected",
        "version": "7.30"
      },
      {
        "status": "affected",
        "version": "7.31"
      },
      {
        "status": "affected",
        "version": "7.40"
      },
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/104130
blogs	www.blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
launchpad	www.launchpad.support.sap.com/

21 Nov 2024 04:03Current

4.7Medium risk

Vulners AI Score4.7

CVSS 24.3

CVSS 34.7

EPSS0.00278

CWE-172