CVE-2017-10701

Опубликовано: 29 сент. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.

Ссылки

http://www.securityfocus.com/bid/100786
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100788
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100805
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/101068
Third Party Advisory
VDB Entry
https://cxsecurity.com/issue/WLB-2017090219
Third Party Advisory
http://www.securityfocus.com/bid/100786
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100788
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100805
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/101068
Third Party Advisory
VDB Entry
https://cxsecurity.com/issue/WLB-2017090219
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:enterprise_portal:*:*:*:*:*:*:*:*

Версия до 7.50 (включая)

EPSS

Процентиль: 66%

0.00511

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fv75-hj93-9jpp