CVE-2018-2424

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00

Published : 2018-06-12 15:29 Updated : 2019-10-09 23:40

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Sap Hana Database 1.00 cpe:/a:sap:hana_database:1.00
Sap Hana Database 2.00 cpe:/a:sap:hana_database:2.00
Sap Ui 2.0 cpe:/a:sap:ui:2.0::~~~netweaver_7.0~~
Sap Ui 7.40 cpe:/a:sap:ui:7.40
Sap Ui 7.50 cpe:/a:sap:ui:7.50
Sap Ui 7.51 cpe:/a:sap:ui:7.51
Sap Ui 7.52 cpe:/a:sap:ui:7.52
Sap Ui5 1.00 cpe:/a:sap:ui5:1.00
Sap Ui5 Java 7.30 cpe:/a:sap:ui5_java:7.30
Sap Ui5 Java 7.31 cpe:/a:sap:ui5_java:7.31
Sap Ui5 Java 7.40 cpe:/a:sap:ui5_java:7.40
Sap Ui5 Java 7.50 cpe:/a:sap:ui5_java:7.50
  1. Sap (4) Search CVE
    1. Ui5 Java (4) Search CVE
      1. 7.30
      2. 7.31
      3. 7.40
      4. 7.50
    2. Hana Database (2) Search CVE
      1. 1.00
      2. 2.00
    3. Ui5 (1) Search CVE
      1. 1.00
    4. Ui (5) Search CVE
      1. 2.0
      2. 7.40
      3. 7.50
      4. 7.51
      5. 7.52

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2018-08-10 13:49
2018-06-16 01:29
2018-06-12 15:29

New CVE