Cross-Site Scripting in SAP Web Dynpro Java by SAP
CVE-2007-3496

Currently unrated

Key Information:

Vendor

SAP
Status
Netweaver Nw04
SAP Basis Component 700
Netweaver Nw04s
SAP Basis Component 640
Vendor
CVE Published:
29 June 2007

What is CVE-2007-3496?

The vulnerability allows remote attackers to exploit the SAP Web Dynpro Java component by injecting arbitrary web scripts or HTML through the User-Agent HTTP header. This exploitation could lead to unauthorized actions performed on behalf of legitimate users, enabling various attack scenarios such as session hijacking or user data theft.

References

http://www.csnc.ch/advisory/sap01.html
x_refsource_MISC
http://securityreason.com/securityalert/2850
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/archive/1/472341/100/0/threaded
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2007-3496 : Cross-Site Scripting in SAP Web Dynpro Java by SAP