Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2018-2462

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.

  • Published: Sep 11, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2018-2462
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
sap / netweaver 7.31 7.31.x
sap / netweaver 7.40 7.40.x
sap / netweaver 7.41 7.41.x
sap / netweaver 7.50 7.50.x
sap / netweaver 7.30 7.30.x