CVE-2019-0388

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Ui; SAP Ui 700
Vendor: CVE Published:; 13 November 2019

Summary

SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.

Affected Version(s)

SAP UI < 7.5 < 7.5

SAP UI < 7.51 < 7.51

SAP UI < 7.52 < 7.52

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2843016

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2019
Vulnerability Reserved
Nov 26, 2018