CVE-2019-0305
N/A
N/A
Summary
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL) | < 7.10 to 7.11 | affected |
| SAP SE | SAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL) | < 7.2 | affected |
| SAP SE | SAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL) | < 7.3 | affected |
| SAP SE | SAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL) | < 7.31 | affected |
| SAP SE | SAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL) | < 7.4 | affected |
| SAP SE | SAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL) | < 7.5 | affected |
Weaknesses
- Clickjacking
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/2755502
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
References
- https://launchpad.support.sap.com/#/notes/2755502
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.