Cross Site Scripting Vulnerability in SAP Enterprise Portal
CVE-2017-10701

6.1MEDIUM

Key Information:

Vendor
SAP
Status
Enterprise Portal
Vendor
CVE Published:
29 September 2017

Summary

A cross site scripting vulnerability exists in SAP Enterprise Portal 7.50, allowing remote attackers to inject arbitrary web scripts or HTML into a user's browser session. This vulnerability can lead to unauthorized actions being performed, data theft, or other malicious activities targeting users of the affected portal. It is crucial for organizations utilizing this product to implement security measures and updates as recommended in SAP Security Notes 2469860, 2471209, and 2488516 to mitigate potential risks.

References

http://www.securityfocus.com/bid/100786
vdb-entryx_refsource_BID
https://cxsecurity.com/issue/WLB-2017090219
x_refsource_MISC
http://www.securityfocus.com/bid/100788
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.