CVE-2019-0311
N/A
N/A
Summary
Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600, 602, 603, 604, 605, 606, 616, 617) does not sufficiently encode user-controlled inputs, this makes it possible for an attacker to send unwanted scripts to the browser of the victim using unwanted input and execute malicious code there, resulting in Cross-Site Scripting (XSS) vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP R/3 Enterprise Application | < 6.0 | affected |
| SAP SE | SAP R/3 Enterprise Application | < 6.02 | affected |
| SAP SE | SAP R/3 Enterprise Application | < 6.03 | affected |
| SAP SE | SAP R/3 Enterprise Application | < 6.04 | affected |
| SAP SE | SAP R/3 Enterprise Application | < 6.05 | affected |
| SAP SE | SAP R/3 Enterprise Application | < 6.06 | affected |
| SAP SE | SAP R/3 Enterprise Application | < 6.16 | affected |
| SAP SE | SAP R/3 Enterprise Application | < 6.17 | affected |
Weaknesses
- Cross-Site Scripting
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/2728153
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
References
- https://launchpad.support.sap.com/#/notes/2728153
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.