ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2773888 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 | Vendor Advisory |
http://www.securityfocus.com/bid/109078 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2019-07-10 12:15
Updated : 2022-10-05 07:16
NVD link : CVE-2019-0321
Mitre link : CVE-2019-0321
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
sap
- netweaver_as_abap
- netweaver_application_server_abap