Cross-Site Scripting Vulnerability in SAP Disclosure Management
CVE-2019-0254

5.4MEDIUM

Key Information:

Vendor
SAP
Status
SAP Disclosure Management
Vendor
CVE Published:
15 February 2019

Summary

SAP Disclosure Management versions prior to 10.1 Stack 1301 are vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate encoding of user-controlled inputs. This oversight allows attackers to inject malicious scripts into the web application, potentially compromising user sessions, stealing sensitive information, or redirecting users to malicious sites. It is critical for users of this software to implement appropriate security measures to mitigate this risk.

Affected Version(s)

SAP Disclosure Management < 10.1 Stack 1301

References

http://www.securityfocus.com/bid/107004
vdb-entryx_refsource_BID
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2706798
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.