Cross-Site Scripting Vulnerability in SAP NetWeaver Java Application Server
CVE-2019-0275
5.4MEDIUM
Key Information:
- Vendor
- SAP
- Vendor
- CVE Published:
- 12 March 2019
Summary
The SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server is vulnerable due to insufficient encoding of user-controlled inputs. This weakness can potentially be exploited to execute arbitrary scripts in the context of the user’s session, leading to unauthorized actions and leakage of sensitive information. Organizations using affected versions should take proactive measures to mitigate this risk by applying appropriate controls and patches.
Affected Version(s)
SAP NetWeaver Java Application Server (J2EE-APPS) < 7.10 to 7.11 < 7.10 to 7.11
SAP NetWeaver Java Application Server (J2EE-APPS) < 7.20 < 7.20
SAP NetWeaver Java Application Server (J2EE-APPS) < 7.30 < 7.30
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved