Reflected XSS Vulnerability in SAP Internet Transaction Server
CVE-2018-11415

6.1MEDIUM

Key Information:

Vendor
SAP
Status
Internet Transaction Server
Vendor
CVE Published:
24 May 2018

Summary

The SAP Internet Transaction Server (ITS) 6200.X.X is vulnerable to a reflected Cross Site Scripting (XSS) exploit through specific wgate URIs. This weakness allows attackers to inject malicious scripts into web applications, potentially compromising user data and session integrity. It is crucial for users and administrators of SAP ITS to be aware of this vulnerability, especially since the vendor has signaled that no further updates will be issued for this product. Organizations still utilizing this product should take immediate steps to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/104311
vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/44755/
exploitx_refsource_EXPLOIT-DB
https://github.com/0xd0m7/SAP
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.