CVE-2018-2424 vulnerability in SAP Products
Published on June 12, 2018

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00

NVD

Products Associated with CVE-2018-2424

Want to know whenever a new CVE is published for SAP products? stack.watch will email you.

SAP Hana Database

SAP Ui5

SAP Ui5 Java

SAP Ui

Affected Versions

SAP SE SAP HANA Database:

Version 1.0 is affected.
Version 2.0 is affected.

SAP SE SAP UI5:

Version 1.0 is affected.

SAP SE SAP UI5(Java):

Version 7.3 is affected.
Version 7.31 is affected.
Version 7.40 is affected.
Version 7.50 is affected.

SAP SE SAP UI:

Version 7.40 is affected.
Version 7.50 is affected.
Version 7.51 is affected.
Version 7.52 is affected.

SAP SE SAP UI for SAP NetWeaver 7.00:

Version 2.0 is affected.

Exploit Probability

EPSS

0.29%

Percentile

52.22%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-2424 vulnerability in SAP ProductsPublished on June 12, 2018

Products Associated with CVE-2018-2424

Affected Versions

Exploit Probability

CVE-2018-2424 vulnerability in SAP Products
Published on June 12, 2018