CVE-2018-11415

6.1MEDIUM

Key Information:

Vendor: SAP
Status: Internet Transaction Server
Vendor: CVE Published:; 24 May 2018

Summary

SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.

References

http://www.securityfocus.com/bid/104311

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/44755/

exploitx_refsource_EXPLOIT-DB

https://github.com/0xd0m7/SAP

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 24, 2018
Vulnerability Reserved
May 24, 2018