Insufficient XML Validation in SAML 2.0 Functionality in SAP NetWeaver AS Java

CVE-2018-2492 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

The SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.