Cross-Site Scripting Vulnerability in SAP Web Application Server and Web Dynpro
CVE-2008-2421

Currently unrated

Key Information:

Vendor

SAP
Status
SAP Web Application Server
Web Dynpro
Vendor
CVE Published:
23 May 2008

What is CVE-2008-2421?

This vulnerability allows remote attackers to exploit the Web GUI of SAP Web Application Server by injecting arbitrary web scripts or HTML through the PATH_INFO parameter in the default URI located at bc/gui/sap/its/webgui/. This can lead to unauthorized actions being performed on behalf of users, data theft, or defacement of the web interface. Proper validation and sanitization of user inputs are crucial to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/492376/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/29317
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/42724
vdb-entryx_refsource_XF

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.