Cross-Site Scripting Vulnerability in SAP Process Monitoring Infrastructure
CVE-2018-2399
6.1MEDIUM
Key Information:
- Vendor
- SAP
- Vendor
- CVE Published:
- 14 March 2018
Summary
A Cross-Site Scripting vulnerability exists in SAP Process Monitoring Infrastructure versions 7.10 through 7.11 and 7.20 through 7.50. This issue arises due to inadequate encoding of user-controlled inputs, allowing attackers to inject malicious scripts. If exploited, this vulnerability can enable unauthorized access and manipulation of sensitive information, posing significant risks to the integrity of user interactions and data confidentiality.
Affected Version(s)
SAP Process Monitoring Infrastructure from 7.10 to 7.11
SAP Process Monitoring Infrastructure 7.20
SAP Process Monitoring Infrastructure 7.30
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved