Cross-Site Scripting in SAP Web Dynpro Java by SAP
CVE-2007-3496

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Nw04; SAP Basis Component 700; Netweaver Nw04s; SAP Basis Component 640
Vendor: CVE Published:; 29 June 2007

What is CVE-2007-3496?

The vulnerability allows remote attackers to exploit the SAP Web Dynpro Java component by injecting arbitrary web scripts or HTML through the User-Agent HTTP header. This exploitation could lead to unauthorized actions performed on behalf of legitimate users, enabling various attack scenarios such as session hijacking or user data theft.

References

http://www.csnc.ch/advisory/sap01.html

x_refsource_MISC

http://securityreason.com/securityalert/2850

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/472341/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2007
Vulnerability Reserved
Jun 29, 2007