CVE-2019-0316

Summary

SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Process Integration(SAP_XIESR)< 7.20affected
SAP SESAP NetWeaver Process Integration(SAP_XITOOL)< 7.10 to 7.11affected
SAP SESAP NetWeaver Process Integration(SAP_XITOOL)< 7.30affected
SAP SESAP NetWeaver Process Integration(SAP_XITOOL)< 7.31affected
SAP SESAP NetWeaver Process Integration(SAP_XITOOL)< 7.40affected
SAP SESAP NetWeaver Process Integration(SAP_XITOOL)< 7.50affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References