Описание
SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_ui:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_ui:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_ui:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_ui:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_ui:*:*:*
EPSS
Процентиль: 30%
0.0011
Низкий
5.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 2 лет назад
SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application.
EPSS
Процентиль: 30%
0.0011
Низкий
5.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79