CVE-2018-2434

A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks.

Published: Jul 10, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-2434
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-345

Affected Software
References

Software	From	Fixed in
sap / netweaver	7.0	7.0.x
sap / ui_infra	1.0	1.0.x
sap / user_interface_technology	7.4	7.4.x
sap / user_interface_technology	7.5	7.5.x
sap / user_interface_technology	7.51	7.51.x
sap / user_interface_technology	7.52	7.52.x

http://www.securityfocus.com/bid/105088
https://launchpad.support.sap.com/#/notes/2633180
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

Vulnerability Database

290,020

CVE-2018-2434