What is the severity of CVE-2018-2415?

CVE-2018-2415 has been rated as a medium severity vulnerability.

How do I fix CVE-2018-2415?

To fix CVE-2018-2415, upgrade to the latest version of SAP NetWeaver Application Server Java Web Container or J2EE Engine Server Core that is not affected by this vulnerability.

What types of inputs are vulnerable in CVE-2018-2415?

CVE-2018-2415 involves the insufficient encoding of user-controlled inputs resulting in content spoofing.

Which SAP products are affected by CVE-2018-2415?

CVE-2018-2415 affects various versions of SAP NetWeaver Application Server Java and J2EE Engine Server Core from 7.10 to 7.50.

What are the potential impacts of CVE-2018-2415?

The potential impacts of CVE-2018-2415 include content spoofing, which could mislead users and undermine trust.

Vulnerability/
CVE-2018-2415

medium

4.7

CWE

172

9/5/2018

5/8/2024

CVE-2018-2415

First published: Wed May 09 2018(Updated: )

SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP NetWeaver Java Web Container and HTTP Service Engine	=7.10
SAP NetWeaver Java Web Container and HTTP Service Engine	=7.11
SAP NetWeaver Java Web Container and HTTP Service Engine	=7.30
SAP NetWeaver Java Web Container and HTTP Service Engine	=7.31
SAP NetWeaver Java Web Container and HTTP Service Engine	=7.40
SAP NetWeaver Java Web Container and HTTP Service Engine	=7.50
SAP J2EE Engine	=7.11
SAP J2EE Engine	=7.30
SAP J2EE Engine	=7.31
SAP J2EE Engine	=7.40
SAP J2EE Engine	=7.50

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-2415?
CVE-2018-2415 has been rated as a medium severity vulnerability.
How do I fix CVE-2018-2415?
To fix CVE-2018-2415, upgrade to the latest version of SAP NetWeaver Application Server Java Web Container or J2EE Engine Server Core that is not affected by this vulnerability.
What types of inputs are vulnerable in CVE-2018-2415?
CVE-2018-2415 involves the insufficient encoding of user-controlled inputs resulting in content spoofing.
Which SAP products are affected by CVE-2018-2415?
CVE-2018-2415 affects various versions of SAP NetWeaver Application Server Java and J2EE Engine Server Core from 7.10 to 7.50.
What are the potential impacts of CVE-2018-2415?
The potential impacts of CVE-2018-2415 include content spoofing, which could mislead users and undermine trust.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/severity
agent/references
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/sap
canonical/sap netweaver java web container and http service engine
version/sap netweaver java web container and http service engine/7.10
version/sap netweaver java web container and http service engine/7.11
version/sap netweaver java web container and http service engine/7.30
version/sap netweaver java web container and http service engine/7.31
version/sap netweaver java web container and http service engine/7.40
version/sap netweaver java web container and http service engine/7.50
canonical/sap j2ee engine
version/sap j2ee engine/7.11
version/sap j2ee engine/7.30
version/sap j2ee engine/7.31
version/sap j2ee engine/7.40
version/sap j2ee engine/7.50