CVE-2019-0319
N/A
N/A
Summary
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Gateway | < 7.5 | affected |
| SAP SE | SAP Gateway | < 7.51 | affected |
| SAP SE | SAP Gateway | < 7.52 | affected |
| SAP SE | SAP Gateway | < 7.53 | affected |
Weaknesses
- Content Injection
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/109074
- https://launchpad.support.sap.com/#/notes/2752614
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
- https://cxsecurity.com/ascii/WLB-2019050283
- https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f
- http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html
- https://launchpad.support.sap.com/#/notes/2911267
References
- http://www.securityfocus.com/bid/109074
- https://launchpad.support.sap.com/#/notes/2752614
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
- https://cxsecurity.com/ascii/WLB-2019050283
- https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f
- http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html
- https://launchpad.support.sap.com/#/notes/2911267
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.