CVE-2018-2434
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
49.6%
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | netweaver | 7.0 | cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:* |
| sap | ui_infra | 1.0 | cpe:2.3:a:sap:ui_infra:1.0:*:*:*:*:netweaver:*:* |
| sap | user_interface_technology | 7.4 | cpe:2.3:a:sap:user_interface_technology:7.4:*:*:*:*:*:*:* |
| sap | user_interface_technology | 7.5 | cpe:2.3:a:sap:user_interface_technology:7.5:*:*:*:*:*:*:* |
| sap | user_interface_technology | 7.51 | cpe:2.3:a:sap:user_interface_technology:7.51:*:*:*:*:*:*:* |
| sap | user_interface_technology | 7.52 | cpe:2.3:a:sap:user_interface_technology:7.52:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
49.6%