CVE-2018-2424

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:hana_database:1.00:*:*:*:*:*:*:*
cpe:2.3:a:sap:hana_database:2.00:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui:2.0:*:*:*:*:netweaver_7.0:*:*
cpe:2.3:a:sap:ui:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui:7.50:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui:7.51:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui:7.52:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui5:1.00:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui5_java:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui5_java:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui5_java:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:ui5_java:7.50:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-12 15:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-2424

Mitre link : CVE-2018-2424

CVE.ORG link : CVE-2018-2424


JSON object : View

Products Affected

sap

  • hana_database
  • ui
  • ui5
  • ui5_java
CWE
CWE-20

Improper Input Validation