Описание
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.86:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_kernel:7.87:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_kernel:8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:webdispatcher:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:webdispatcher:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:webdispatcher:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:webdispatcher:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:webdispatcher:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:webdispatcher:7.83:*:*:*:*:*:*:*
cpe:2.3:a:sap:webdispatcher:7.85:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00395
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
EPSS
Процентиль: 60%
0.00395
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79