CVE-2016-4016

Опубликовано: 14 апр. 2016

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~~xmii~~ui~~admin~~navigation/NavigationApplication, aka SAP Security Note 2201295.

Ссылки

http://packetstormsecurity.com/files/137920/SAP-xMII-15-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Jul/46
Exploit
Third Party Advisory
VDB Entry
https://erpscan.io/advisories/erpscan-16-021-sap-mii-reflected-xss-vulnerability/
https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/
http://packetstormsecurity.com/files/137920/SAP-xMII-15-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Jul/46
Exploit
Third Party Advisory
VDB Entry
https://erpscan.io/advisories/erpscan-16-021-sap-mii-reflected-xss-vulnerability/
https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:java_as:7.4:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00491

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h2wq-4x28-646c