CVE-2018-2477
First published: Tue Nov 13 2018(Updated: )
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver | =7.30 | |
| SAP NetWeaver | =7.31 | |
| SAP NetWeaver | =7.40 | |
| SAP NetWeaver | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-2477.
What is the severity of CVE-2018-2477?
The severity of CVE-2018-2477 is high with a CVSS score of 8.8.
Which software versions are affected by CVE-2018-2477?
The affected software versions are SAP NetWeaver 7.30, 7.31, 7.40, and 7.50.
What is the nature of the vulnerability in SAP Knowledge Management (XMLForms)?
The vulnerability in SAP Knowledge Management (XMLForms) is the insufficient validation of XML documents accepted from untrusted sources.
Where can I find more information about CVE-2018-2477?
You can find more information about CVE-2018-2477 at the following references: [1](http://www.securityfocus.com/bid/105901), [2](https://launchpad.support.sap.com/#/notes/2661740), [3](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832).
- collector/nvd-index
- vendor/sap
- canonical/sap netweaver
- version/sap netweaver/7.30
- version/sap netweaver/7.31
- version/sap netweaver/7.40
- version/sap netweaver/7.50