cvelist/2018/2xxx/CVE-2018-2399.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cna@sap.com",
      "ID" : "CVE-2018-2399",
      "STATE" : "PUBLIC"
   },
 "affects" : {
    "vendor" : {
       "vendor_data" : [
          {
             "product" : {
                "product_data" : [
                   { 
                      "product_name" : "SAP Process Monitoring Infrastructure", 
                      "version" : { 
                      "version_data" : [ 
                         { 
                            "version_affected" : "=", 
                            "version_value" : "from 7.10 to 7.11" 
                         }, 
                         { 
                            "version_affected" : "=", 
                            "version_value" : "7.20" 
                         } , 
                         { 
                            "version_affected" : "=", 
                            "version_value" : "7.30" 
                         }  , 
                         { 
                            "version_affected" : "=", 
                            "version_value" : "7.31" 
                         }  , 
                         { 
                            "version_affected" : "=", 
                            "version_value" : "7.40" 
                         }  , 
                         { 
                            "version_affected" : "=", 
                            "version_value" : "7.50" 
                         } 
                      ]  
                      } 
                   } 
                ] 
             }, 
             "vendor_name" : "SAP SE" 
          } 
       ]
    }
 },                    
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs."
         }
      ]
   }, 
  "impact" : { 
       "cvss" : { 
          "attackComplexity" : "LOW", 
          "attackVector" : "NETWORK", 
          "availabilityImpact" : "NONE", 
          "baseScore" : 6.1, 
          "baseSeverity" : "MEDIUM", 
          "confidentialityImpact" : "LOW", 
          "integrityImpact" : "LOW", 
          "privilegesRequired" : "NONE", 
          "scope" : "CHANGED", 
          "userInteraction" : "REQUIRED", 
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", 
          "version" : "3.0" 
       } 
    }, 
   "problemtype" : { 
       "problemtype_data" : [ 
          { 
             "description" : [ 
                { 
                   "lang" : "eng", 
                   "value" : "Cross-Site Scripting" 
                } 
             ] 
          } 
       ] 
    }, 
    "references" : { 
       "reference_data" : [ 
          { 
             "url" : "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/" 
          }, 
          { 
             "url" : "https://launchpad.support.sap.com/#/notes/2592807" 
          }
       ] 
    } 
}
- Synchronized data. 2017-12-15 05:03:06 -05:00			`{`
			`"CVE_data_meta" : {`
Update CVE-2018-2399.json 2018-03-14 18:10:41 +01:00			`"ASSIGNER" : "cna@sap.com",`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`"ID" : "CVE-2018-2399",`
Update CVE-2018-2399.json 2018-03-14 18:10:41 +01:00			`"STATE" : "PUBLIC"`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`},`
Update CVE-2018-2399.json 2018-03-14 18:10:41 +01:00			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "SAP Process Monitoring Infrastructure",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "from 7.10 to 7.11"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.20"`
			`} ,`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.30"`
			`} ,`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.31"`
			`} ,`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.40"`
			`} ,`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "7.50"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "SAP SE"`
			`}`
			`]`
			`}`
			`},`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
Update CVE-2018-2399.json 2018-03-14 18:10:41 +01:00			`"value" : "Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs."`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`}`
			`]`
Update CVE-2018-2399.json 2018-03-14 18:10:41 +01:00			`},`
			`"impact" : {`
			`"cvss" : {`
			`"attackComplexity" : "LOW",`
			`"attackVector" : "NETWORK",`
			`"availabilityImpact" : "NONE",`
			`"baseScore" : 6.1,`
			`"baseSeverity" : "MEDIUM",`
			`"confidentialityImpact" : "LOW",`
			`"integrityImpact" : "LOW",`
			`"privilegesRequired" : "NONE",`
			`"scope" : "CHANGED",`
			`"userInteraction" : "REQUIRED",`
			`"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",`
			`"version" : "3.0"`
			`}`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Cross-Site Scripting"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
			`"url" : "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"`
			`},`
			`{`
			`"url" : "https://launchpad.support.sap.com/#/notes/2592807"`
			`}`
			`]`
			`}`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`}`