CVE-2018-2424 Information

Description

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 750; SAP UI 7.40, 7.50, 7.51, 7.52; and version 2.0 of SAP UI for SAP NetWeaver 7.00.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/104459
https://launchpad.support.sap.com//notes/2538856
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
