CVE-2017-10701

6.1MEDIUM

Key Information:

Vendor
SAP
Status
Enterprise Portal
Vendor
CVE Published:
29 September 2017

Summary

Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.

References

http://www.securityfocus.com/bid/100786
vdb-entryx_refsource_BID
https://cxsecurity.com/issue/WLB-2017090219
x_refsource_MISC
http://www.securityfocus.com/bid/100788
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.