CVE-2007-3495

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.

Reference

http://osvdb.org/37749
http://secunia.com/advisories/25866
http://securityreason.com/securityalert/2849
http://www.csnc.ch/advisory/sap02.html
http://www.securityfocus.com/archive/1/472345/100/0/threaded
http://www.vupen.com/english/advisories/2007/2381
https://exchange.xforce.ibmcloud.com/vulnerabilities/35107

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

16-10-2018 - 16:50

Objavljeno

29-06-2007 - 18:30