Описание
SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:netweaver_application_server_abap:31:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_ui:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_ui:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_ui:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_ui:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_ui:*:*:*
EPSS
Процентиль: 47%
0.00237
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
EPSS
Процентиль: 47%
0.00237
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79