CVE-2018-2477
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-2477
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP NetWeaver Knowledge Management (XMLForms) 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP NetWeaver是德国思爱普(SAP)公司的一套面向服务的集成化应用平台。该平台可为SAP应用提供开发和运行环境。Knowledge Management(XMLForms)是其中的一个知识管理组件。 SAP NetWeaver中的Knowledge Management (XMLForms)存在XML外部实体注入漏洞,该漏洞源于程序没有充分的验证来自不可信源的XML文档。远程攻击者可利用该漏洞获取敏感信息的访问权限或造成拒绝服务。以下版本受到影响:SAP NetWeaver 7.30版本,7.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP | Knowledge Management (XMLForms) in SAP NetWeaver | = 7.30 | - |
II. Public POCs for CVE-2018-2477
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-2477
请登录查看更多情报信息。
- https://launchpad.support.sap.com/#/notes/2661740x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2018-2477
Same Patch Batch · SAP · 2018-11-13 · 14 CVEs total
| CVE-2018-2473 | SAP BusinessObjects Business Intelligence Platform Server 安全漏洞 | |
| CVE-2018-2476 | SAP NetWeaver 安全漏洞 | |
| CVE-2018-2478 | SAP BASIS 安全漏洞 | |
| CVE-2018-2479 | SAP BusinessObjects Business Intelligence Platform 跨站脚本漏洞 | |
| CVE-2018-2481 | SAP_ABA 安全漏洞 | |
| CVE-2018-2482 | SAP Mobile Secure for Android 安全漏洞 | |
| CVE-2018-2483 | SAP BusinessObjects Business Intelligence Platform BI CMC 输入验证错误漏洞 | |
| CVE-2018-2485 | SAP Fiori Client 安全漏洞 | |
| CVE-2018-2487 | SAP Disclosure Management 信息泄露漏洞 | |
| CVE-2018-2488 | SAP Fiori Client 输入验证错误漏洞 | |
| CVE-2018-2489 | SAP Fiori Client 安全漏洞 | |
| CVE-2018-2490 | SAP Fiori Client 安全漏洞 | |
| CVE-2018-2491 | SAP Fiori Client 安全漏洞 |
IV. Related Vulnerabilities
Same vendor: SAP
- CVE-2023-29189
HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) - CVE-2023-29187
DLL Hijacking vulnerability in SapSetup (Software Installati - CVE-2023-29186
Directory/Path Traversal vulnerability in SAP NetWeaver. - CVE-2023-29185
Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Busine - CVE-2023-29112
Code Injection vulnerability in SAP Application Interface Fr
V. Comments for CVE-2018-2477
No comments yet