EUVD-2018-14270

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

SAP NetWeaver Application Server lacks input encoding, leading to content spoofing on error pages.

Reporter	Title	Published	Views	Family All 6
CNVD	Unspecified Content Spoofing Vulnerability in SAP NetWeaver Application Server Java Web Container and HTTP Service	22 May 201800:00	–	cnvd
CVE	CVE-2018-2415	9 May 201820:00	–	cve
Cvelist	CVE-2018-2415	9 May 201820:00	–	cvelist
NVD	CVE-2018-2415	9 May 201820:29	–	nvd
OSV	CVE-2018-2415	9 May 201820:29	–	osv
Prion	Spoofing	9 May 201820:29	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "e37be3f3-c3b6-3bdd-a760-9f7548819a80",
        "vendor": {
          "name": "SAP SE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "09bffcc2-fae0-3d50-8eaf-822605bf110c",
        "product": {
          "name": "SAP NetWeaver Application Server (J2EE Engine Server Core)"
        },
        "product_version": "7.31"
      },
      {
        "id": "119ff9d3-4607-340e-92a2-304be3c50df0",
        "product": {
          "name": "SAP NetWeaver Application Server (J2EE Engine Server Core)"
        },
        "product_version": "7.30"
      },
      {
        "id": "17d15e15-cd79-3aef-8c16-27c9461fd0bd",
        "product": {
          "name": "SAP NetWeaver Application Server (Engine API)"
        },
        "product_version": "7.31"
      },
      {
        "id": "25f91fd6-2c9b-3724-b293-965779a5bc74",
        "product": {
          "name": "SAP NetWeaver Application Server (J2EE Engine Server Core)"
        },
        "product_version": "7.50"
      },
      {
        "id": "308af787-c005-3e64-bb69-7d63d332f8b9",
        "product": {
          "name": "SAP NetWeaver Application Server (J2EE Engine Server Core)"
        },
        "product_version": "7.40"
      },
      {
        "id": "65172425-0bf1-3fe7-b402-dd9a831be7f5",
        "product": {
          "name": "SAP NetWeaver Application Server (Engine API)"
        },
        "product_version": "7.50"
      },
      {
        "id": "a9190f02-7776-3937-8436-23f52d18f392",
        "product": {
          "name": "SAP NetWeaver Application Server (Engine API)"
        },
        "product_version": "7.30"
      },
      {
        "id": "c368cc29-fd00-3803-87db-0d6a701b8ff9",
        "product": {
          "name": "SAP NetWeaver Application Server (Engine API)"
        },
        "product_version": "7.40"
      },
      {
        "id": "eb038d62-ff22-32cc-beec-25e8c8977cf0",
        "product": {
          "name": "SAP NetWeaver Application Server (J2EE Engine Server Core)"
        },
        "product_version": "7.11"
      },
      {
        "id": "f1c7ed96-306f-3703-9bb9-de75e0df17b3",
        "product": {
          "name": "SAP NetWeaver Application Server (Engine API)"
        },
        "product_version": "from 7.10 to 7.11"
      }
    ]
  }
]

Source	Link
blogs	www.blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
launchpad	www.launchpad.support.sap.com/
securityfocus	www.securityfocus.com/bid/104130
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

4.9Medium risk

Vulners AI Score4.9

CVSS 34.7

CVSS 24.3

EPSS0.00278