CVE-2018-2399

MEDIUM

SAP Process Monitoring Infrastructure 7.10-7.11, 7.20, 7.30-7.31, 7.40, 7.50 - Cross-Site Scripting

Title source: llm

Description

Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103372

Vendor Advisory x_refsource_confirm

https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/

Permissions Required, Vendor Advisory x_refsource_confirm

https://launchpad.support.sap.com/#/notes/2592807

Scores

CVSS v3 6.1

EPSS 0.0020

EPSS Percentile 41.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (7)

sap/process_monitoring_infrastructure 7.10

sap/process_monitoring_infrastructure 7.11

sap/process_monitoring_infrastructure 7.20

sap/process_monitoring_infrastructure 7.30

sap/process_monitoring_infrastructure 7.31

sap/process_monitoring_infrastructure 7.40

sap/process_monitoring_infrastructure 7.50

Published Mar 14, 2018

Tracked Since Feb 18, 2026