ID

VAR-201807-1586


CVE

CVE-2018-2434


TITLE

Input validation vulnerability in multiple SAP products

Trust: 0.8

sources: JVNDB: JVNDB-2018-008005

DESCRIPTION

A content spoofing vulnerability in the following components allows rendering of HTML pages containing arbitrary plain-text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active content such as JavaScript or hyperlinks. Multiple SAP products contain an input validation vulnerability. Information may be tampered with. SAP User Interface Technology is prone to an unspecified content-spoofing vulnerability. Attackers can exploit this issue to manipulate and spoof content, which may aid in further attacks.

Trust: 1.89

sources: NVD: CVE-2018-2434 // JVNDB: JVNDB-2018-008005 // BID: 105088

AFFECTED PRODUCTS

vendor: sap, model: netweaver, scope: eq, version: 7.0

Trust: 1.9

vendor: sap, model: user interface technology, scope: eq, version: 7.51

Trust: 1.6

vendor: sap, model: user interface technology, scope: eq, version: 7.5

Trust: 1.6

vendor: sap, model: user interface technology, scope: eq, version: 7.4

Trust: 1.6

vendor: sap, model: ui infra, scope: eq, version: 1.0

Trust: 1.6

vendor: sap, model: user interface technology, scope: eq, version: 7.52

Trust: 1.6

vendor: sap, model: netweaver, scope: -, version: -

Trust: 0.8

vendor: sap, model: user interface technology, scope: -, version: -

Trust: 0.8

vendor: sap, model: ui infra, scope: -, version: -

Trust: 0.8

vendor: sap, model: ui, scope: eq, version: 7.52

Trust: 0.3

vendor: sap, model: ui, scope: eq, version: 7.51

Trust: 0.3

vendor: sap, model: ui, scope: eq, version: 7.5

Trust: 0.3

vendor: sap, model: ui, scope: eq, version: 7.4

Trust: 0.3

sources: BID: 105088 // JVNDB: JVNDB-2018-008005 // CNNVD: CNNVD-201807-921 // NVD: CVE-2018-2434

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-2434
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-2434
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-921
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2018-2434
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2018-2434
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-008005 // CNNVD: CNNVD-201807-921 // NVD: CVE-2018-2434

PROBLEMTYPE DATA

problemtype: CWE-345

Trust: 1.0

problemtype: CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2018-008005 // NVD: CVE-2018-2434

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-921

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201807-921

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008005

PATCH

title: SAP Security Patch Day - July 2018, url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

Trust: 0.8

title: Multiple SAP Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84030

Trust: 0.6

sources: JVNDB: JVNDB-2018-008005 // CNNVD: CNNVD-201807-921

EXTERNAL IDS

db: NVD, id: CVE-2018-2434

Trust: 2.7

db: BID, id: 105088

Trust: 1.9

db: JVNDB, id: JVNDB-2018-008005

Trust: 0.8

db: CNNVD, id: CNNVD-201807-921

Trust: 0.6

sources: BID: 105088 // JVNDB: JVNDB-2018-008005 // CNNVD: CNNVD-201807-921 // NVD: CVE-2018-2434

REFERENCES

url:https://launchpad.support.sap.com/#/notes/2633180

Trust: 1.9

url:http://www.securityfocus.com/bid/105088

Trust: 1.6

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=497256000

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-2434

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-2434

Trust: 0.8

url:http://www.sap.com

Trust: 0.3

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=499352742

Trust: 0.3

sources: BID: 105088 // JVNDB: JVNDB-2018-008005 // CNNVD: CNNVD-201807-921 // NVD: CVE-2018-2434

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 105088

SOURCES

db: BID, id: 105088
db: JVNDB, id: JVNDB-2018-008005
db: CNNVD, id: CNNVD-201807-921
db: NVD, id: CVE-2018-2434

LAST UPDATE DATE

2024-11-23T22:45:15.976000+00:00


SOURCES UPDATE DATE

db: BID, id: 105088, date: 2018-08-14T00:00:00
db: JVNDB, id: JVNDB-2018-008005, date: 2018-10-04T00:00:00
db: CNNVD, id: CNNVD-201807-921, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-2434, date: 2024-11-21T04:03:48.430

SOURCES RELEASE DATE

db: BID, id: 105088, date: 2018-08-14T00:00:00
db: JVNDB, id: JVNDB-2018-008005, date: 2018-10-04T00:00:00
db: CNNVD, id: CNNVD-201807-921, date: 2018-07-10T00:00:00
db: NVD, id: CVE-2018-2434, date: 2018-07-10T18:29:00.967