CVE-2018-2462
HIGH
SAP NetWeaver BI 7.30-7.50 - XML External Entity Injection in BEx Web Java Runtime Export Web Service
Title source: llmDescription
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
References (3)
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2644279
Vendor Advisory x_refsource_confirm
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105326
Scores
CVSS v3
8.8
EPSS
0.0060
EPSS Percentile
69.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (5)
sap/netweaver 7.30
sap/netweaver 7.31
sap/netweaver 7.40
sap/netweaver 7.41
sap/netweaver 7.50
Published
Sep 11, 2018
Tracked Since
Feb 18, 2026