CVE-2019-0319 Information

Description

The SAP Gateway versions 7.5 7.51 7.52 and 7.53 allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it’s not.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html http://www.securityfocus.com/bid/109074 https://cxsecurity.com/ascii/WLB-2019050283 https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f https://launchpad.support.sap.com//notes/2752614 https://launchpad.support.sap.com//notes/2911267 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5