SAP Netweaver AS Java Web Application 7.50 SAML 2.0 Service Provider XSS Vulnerability

SAP Netweaver AS Java Web Application 7.50 SAML 2.0 Service Provider XSS Vulnerability

CVE-2018-2371 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.

Learn more about our Web App Pen Testing.