cvelist/2018/2xxx/CVE-2018-2410.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cna@sap.com",
      "ID" : "CVE-2018-2410",
      "STATE" : "PUBLIC"
   },
 "affects" : {
    "vendor" : {
       "vendor_data" : [
          {
             "product" : {
                "product_data" : [
                   { 
                      "product_name" : "SAP Business One", 
                      "version" : { 
                      "version_data" : [ 
                         { 
                            "version_affected" : "=", 
                            "version_value" : "9.20" 
                         },
 			 { 
                            "version_affected" : "=", 
                            "version_value" : "9.30" 
                         }
                      ]  
                      } 
                   } 
                ] 
             }, 
             "vendor_name" : "SAP SE" 
          } 
       ]
    }
 }, 
                   
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability."
         }
      ]
   }, 

    "impact" : { 
       "cvss" : { 
          "attackComplexity" : "LOW", 
          "attackVector" : "NETWORK", 
          "availabilityImpact" : "NONE", 
          "baseScore" : 5.4, 
          "baseSeverity" : "MEDIUM", 
          "confidentialityImpact" : "LOW", 
          "integrityImpact" : "LOW", 
          "privilegesRequired" : "LOW", 
          "scope" : "CHANGED", 
          "userInteraction" : "REQUIRED", 
          "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", 
          "version" : "3.0" 
       } 
    }, 

   "problemtype" : { 
       "problemtype_data" : [ 
          { 
             "description" : [ 
                { 
                   "lang" : "eng", 
                   "value" : "Cross-Site Scripting" 
                } 
             ] 
          } 
       ] 
    }, 
    "references" : { 
       "reference_data" : [ 
          { 
             "url" : "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/" 
          }, 
          { 
             "url" : "https://launchpad.support.sap.com/#/notes/2582870" 
          }
       ] 
    } 
}
- Synchronized data. 2017-12-15 05:03:06 -05:00			`{`
			`"CVE_data_meta" : {`
Update CVE-2018-2410.json 2018-04-10 15:45:32 +02:00			`"ASSIGNER" : "cna@sap.com",`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`"ID" : "CVE-2018-2410",`
Update CVE-2018-2410.json 2018-04-10 15:45:32 +02:00			`"STATE" : "PUBLIC"`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`},`
Update CVE-2018-2410.json 2018-04-10 15:45:32 +02:00			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "SAP Business One",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "9.20"`
			`},`
			`{`
			`"version_affected" : "=",`
			`"version_value" : "9.30"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "SAP SE"`
			`}`
			`]`
			`}`
			`},`

- Synchronized data. 2017-12-15 05:03:06 -05:00			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
Update CVE-2018-2410.json 2018-04-10 15:45:32 +02:00			`"value" : "SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability."`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`}`
			`]`
Update CVE-2018-2410.json 2018-04-10 15:45:32 +02:00			`},`

			`"impact" : {`
			`"cvss" : {`
			`"attackComplexity" : "LOW",`
			`"attackVector" : "NETWORK",`
			`"availabilityImpact" : "NONE",`
			`"baseScore" : 5.4,`
			`"baseSeverity" : "MEDIUM",`
			`"confidentialityImpact" : "LOW",`
			`"integrityImpact" : "LOW",`
			`"privilegesRequired" : "LOW",`
			`"scope" : "CHANGED",`
			`"userInteraction" : "REQUIRED",`
			`"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",`
			`"version" : "3.0"`
			`}`
			`},`

			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Cross-Site Scripting"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
			`"url" : "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/"`
			`},`
			`{`
			`"url" : "https://launchpad.support.sap.com/#/notes/2582870"`
			`}`
			`]`
			`}`
- Synchronized data. 2017-12-15 05:03:06 -05:00			`}`