Cross-Site Scripting Vulnerability in SAP NetWeaver Java Application Server
CVE-2019-0275
5.4MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 12 March 2019
What is CVE-2019-0275?
The SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server is vulnerable due to insufficient encoding of user-controlled inputs. This weakness can potentially be exploited to execute arbitrary scripts in the context of the user’s session, leading to unauthorized actions and leakage of sensitive information. Organizations using affected versions should take proactive measures to mitigate this risk by applying appropriate controls and patches.
Affected Version(s)
SAP NetWeaver Java Application Server (J2EE-APPS) < 7.10 to 7.11 < 7.10 to 7.11
SAP NetWeaver Java Application Server (J2EE-APPS) < 7.20 < 7.20
SAP NetWeaver Java Application Server (J2EE-APPS) < 7.30 < 7.30