Cross-Site Scripting Vulnerability in SAP ABAP Server and Platform
CVE-2019-0321

6.1MEDIUM

Key Information:

Vendor
SAP
Status
Abap Server And Abap Platform (SAP Basis)
Vendor
CVE Published:
10 July 2019

Summary

The SAP ABAP Server and ABAP Platform, specifically versions 7.31, 7.4, and 7.5, exhibit a vulnerability stemming from inadequate encoding of user-controlled inputs. This oversight can lead to Cross-Site Scripting (XSS) attacks, allowing malicious users to inject arbitrary scripts into web pages viewed by other users. Exploitation of this vulnerability could potentially compromise user data and disrupt business operations, highlighting the importance of robust input validation and encoding practices.

Affected Version(s)

ABAP Server and ABAP Platform (SAP Basis) < 7.31 < 7.31

ABAP Server and ABAP Platform (SAP Basis) < 7.4 < 7.4

ABAP Server and ABAP Platform (SAP Basis) < 7.5 < 7.5

References

http://www.securityfocus.com/bid/109078
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2773888
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.