CVE-2018-2462

high

Description

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993

https://launchpad.support.sap.com/#/notes/2644279

http://www.securityfocus.com/bid/105326

Details

Source: Mitre, NVD

Published: 2018-09-11

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00793