{"id": "CVE-2018-2492", "bulletinFamily": "NVD", "title": "CVE-2018-2492", "description": "SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.", "published": "2018-12-11T22:29:00", "modified": "2019-01-08T19:41:00", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2492", "reporter": "cve@mitre.org", "references": ["https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699", "http://www.securityfocus.com/bid/106153", "https://launchpad.support.sap.com/#/notes/2642680"], "cvelist": ["CVE-2018-2492"], "type": "cve", "lastseen": "2019-05-29T18:20:04", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "9a9fc7803f367d29bcb7d3ec23eb69cc"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9c222c70e8ddd623b1c590872db96883"}, {"key": "cpe23", "hash": "ea0dc4f8f275b181976ec8d4f6431cff"}, {"key": "cvelist", "hash": "a5d93de95b8076b960b572e83a31156f"}, {"key": "cvss", "hash": "f1abc346c0cd328cae9410a41261ca2f"}, {"key": "cvss2", "hash": "33fbd0aee416345ad05ca2f9d30340e2"}, {"key": "cvss3", "hash": "ba73f1f31fcdb9712f97e580f186b589"}, {"key": "cwe", "hash": "226da5129ffaaee3d5b48e506b957d58"}, {"key": "description", "hash": "3f05d2282e19b4eef1e2825594f53fd5"}, {"key": "href", "hash": "1d142d5009632b189faad0b0b745f772"}, {"key": "modified", "hash": "dcb2b5be80c076dab10bab7d180cfd7c"}, {"key": "published", "hash": "681a0ac2e13724788b581205aac3e6e1"}, {"key": "references", "hash": "70c81eba585cf456bdba4066e1207eb9"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "95672809817e16004c231e4f6147ace3"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "546ec7001a85144f480deb6d0a46b7d99ebd4a61714ac5d47bd02d347603581e", "viewCount": 3, "enchantments": {"score": {"value": 3.7, "vector": "NONE", "modified": "2019-05-29T18:20:04", "rev": 2}, "dependencies": {"references": [], "modified": "2019-05-29T18:20:04", "rev": 2}, "vulnersScore": 3.7}, "objectVersion": "1.3", "cpe": ["cpe:/a:sap:netweaver:7.50", "cpe:/a:sap:netweaver:7.20", "cpe:/a:sap:netweaver:7.30", "cpe:/a:sap:netweaver:7.40", "cpe:/a:sap:netweaver:7.31"], "affectedSoftware": [{"name": "sap netweaver", "operator": "eq", "version": "7.31"}, {"name": "sap netweaver", "operator": "eq", "version": "7.20"}, {"name": "sap netweaver", "operator": "eq", "version": "7.50"}, {"name": "sap netweaver", "operator": "eq", "version": "7.30"}, {"name": "sap netweaver", "operator": "eq", "version": "7.40"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.2}, "cpe23": ["cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*"], "cwe": ["CWE-20"]}

{}