CVE-2019-0319

Sažetak

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.

Reference

http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html
http://www.securityfocus.com/bid/109074
https://cxsecurity.com/ascii/WLB-2019050283
https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f
https://launchpad.support.sap.com/#/notes/2752614
https://launchpad.support.sap.com/#/notes/2911267
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

24-08-2020 - 17:37

Objavljeno

10-07-2019 - 19:15