CVE-2019-0316 Information

Description

SAP NetWeaver Process Integration (versions SAP_XIESR: 7.20; SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) does not sufficiently validate user-controlled input. An attacker possessing admin privileges can inject malicious scripts into certain servlets; the scripts execute when the victim is tricked into clicking a malicious link, allowing the attacker to read and modify data from the victim's browser. The result is a reflected cross-site scripting (XSS) vulnerability.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Reference

https://launchpad.support.sap.com//notes/2745917

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.8

Base Severity

MEDIUM
