CVE-2019-0305

Summary

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL)< 7.10 to 7.11affected
SAP SESAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL)< 7.2affected
SAP SESAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL)< 7.3affected
SAP SESAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL)< 7.31affected
SAP SESAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL)< 7.4affected
SAP SESAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL)< 7.5affected

Weaknesses

  • Clickjacking

ADP Enrichment

CVE Program Container

Additional References

References