CVE-2019-0337 Information

Description

Java Proxy Runtime of SAP NetWeaver Process Integration versions 7.10 7.11 7.30 7.31 7.40 7.50 does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://launchpad.support.sap.com//notes/2789866 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 Java Proxy Runtime of SAP NetWeaver Process Integration versions 7.10 7.11 7.30 7.31 7.40 7.50 does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1