CVE-2018-2504 Information
Feb 14, 2021
cve
Description
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10 7.11 7.20 7.30 7.31 7.40 7.50.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
http://www.securityfocus.com/bid/106150 https://launchpad.support.sap.com//notes/2718993 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: