Cross-Site Scripting Vulnerabilities in SAP NetWeaver Business Client
CVE-2014-9569

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Business Client For Html
Vendor: CVE Published:; 7 January 2015

What is CVE-2014-9569?

Multiple cross-site scripting (XSS) vulnerabilities exist in the SAP NetWeaver Business Client for HTML 3.0, permitting remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities can be exploited through manipulation of specific parameters, namely the 'title' and 'roundtrips', which may compromise the security of the web application and its users. Affected users are at risk of unauthorized actions being executed in their web sessions, underscoring the importance of security practices in web development and application management.

References

http://secunia.com/advisories/62017

third-party-advisoryx_refsource_SECUNIA

http://www.senseofsecurity.com.au/advisories/SOS-14-005

x_refsource_MISC

http://www.securitytracker.com/id/1031509

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 7, 2015
Vulnerability Reserved
Jan 7, 2015