CVE-2018-2399

Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
sapCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
sapprocess_monitoring_infrastructure
7.10
sapprocess_monitoring_infrastructure
7.11
sapprocess_monitoring_infrastructure
7.20
sapprocess_monitoring_infrastructure
7.30
sapprocess_monitoring_infrastructure
7.31
sapprocess_monitoring_infrastructure
7.40
sapprocess_monitoring_infrastructure
7.50
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103372
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
https://launchpad.support.sap.com/#/notes/2592807
http://www.securityfocus.com/bid/103372
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
https://launchpad.support.sap.com/#/notes/2592807