CVE-2018-2405

Description

SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

SAP_SE / SAP Solution Manager7.10 – 7.10
SAP_SE / SAP Solution Manager7.20 – 7.20

References

MISChttp://www.securityfocus.com/bid/103703
MISChttps://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
MISChttps://launchpad.support.sap.com/#/notes/2372688