CVE-2018-2492

2018-12-1123:00:00

sap

www.cve.org

EPSS

0.002

Percentile

52.4%

JSON

SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.

CNA Affected

[
  {
    "product": "SAP NetWeaver Application Server (Java Library)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "= 7.20"
      },
      {
        "status": "affected",
        "version": "= 7.30"
      },
      {
        "status": "affected",
        "version": "= 7.31"
      },
      {
        "status": "affected",
        "version": "= 7.50"
      }
    ]
  }
]