CVE-2019-0361
N/A
N/A
Summary
SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Supplier Relationship Management (Master Data Management Catalog) (SRM_MDM_CAT) | < 3.73 | affected |
| SAP SE | SAP Supplier Relationship Management (Master Data Management Catalog) (SRM_MDM_CAT) | < 7.31 | affected |
| SAP SE | SAP Supplier Relationship Management (Master Data Management Catalog) (SRM_MDM_CAT) | < 7.32 | affected |
Weaknesses
- Cross-Site Scripting
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506
- https://launchpad.support.sap.com/#/notes/2820607
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506
- https://launchpad.support.sap.com/#/notes/2820607
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.