SAP NetWeaver AS Java CVE-2018-2492 XML External Entity Injection Vulnerability
BID:106153
CVE-2018-2492 |Info
SAP NetWeaver AS Java CVE-2018-2492 XML External Entity Injection Vulnerability
| Bugtraq ID: | 106153 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-2492 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 11 2018 12:00AM |
| Updated: | Dec 11 2018 12:00AM |
| Credit: | SAP |
| Vulnerable: |
SAP NetWeaver AS Java 7.50 SAP NetWeaver AS Java 7.31 SAP NetWeaver AS Java 7.30 SAP NetWeaver AS Java 7.20 |
| Not Vulnerable: | |
Discussion
SAP NetWeaver AS Java CVE-2018-2492 XML External Entity Injection Vulnerability
SAP NetWeaver AS Java is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.
SAP NetWeaver AS Java is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.
Exploit / POC
SAP NetWeaver AS Java CVE-2018-2492 XML External Entity Injection Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
SAP NetWeaver AS Java CVE-2018-2492 XML External Entity Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
SAP NetWeaver AS Java CVE-2018-2492 XML External Entity Injection Vulnerability
References:
References:
- AS Java Home (SAP)
- SAP Homepage (SAP)
- SAP Security Patch Day �?? December 2018 (SAP)