CVE-2018-2434 Information
Feb 14, 2021
cve
Description
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra 1.0) SAP UI Implementation for Decoupled Innovations (UI_700 2.0): SAP NetWeaver 7.00 Implementation SAP User Interface Technology (SAP_UI 7.4 7.5 7.51 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Reference
http://www.securityfocus.com/bid/105088 https://launchpad.support.sap.com//notes/2633180 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
NONE
Base Severity
4.3
Share on: