Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver Process Integration
CVE-2019-0316
4.8MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 14 June 2019
What is CVE-2019-0316?
A reflected Cross Site Scripting vulnerability exists in SAP NetWeaver Process Integration due to insufficient validation of user inputs. This flaw allows authenticated attackers with admin privileges to inject malicious scripts into the application. When victims interact with these scripts by clicking on compromised links, their browsers may execute malicious code, leading to unauthorized data access or manipulation.
Affected Version(s)
SAP NetWeaver Process Integration(SAP_XIESR) < 7.20
SAP NetWeaver Process Integration(SAP_XITOOL) < 7.10 to 7.11 < 7.10 to 7.11
SAP NetWeaver Process Integration(SAP_XITOOL) < 7.30 < 7.30