ID
VAR-201002-0329
TITLE
SAP WebDynpro Runtime Unspecified HTML Injection Vulnerability
Trust: 0.3
sources:
BID: 38181
DESCRIPTION
SAP WebDynpro Runtime included in SAP NetWeaver is prone to an HTML-injection vulnerability because the application fails to sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Trust: 0.3
sources:
BID: 38181
AFFECTED PRODUCTS
vendor: | sap | model: | netweaver 2004s | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | sap | model: | netweaver | scope: | eq | version: | 20040 | Trust: 0.3 |
vendor: | sap | model: | netweaver 2004s sp13 | scope: | ne | version: | - | Trust: 0.3 |
vendor: | sap | model: | netweaver sp21 | scope: | ne | version: | 2004 | Trust: 0.3 |
sources:
BID: 38181
THREAT TYPE
network
Trust: 0.3
sources:
BID: 38181
TYPE
Input Validation Error
Trust: 0.3
sources:
BID: 38181
EXTERNAL IDS
db: | BID | id: | 38181 | Trust: 0.3 |
sources:
BID: 38181
REFERENCES
url: | http://www.sap.com/platform/netweaver/index.epx | Trust: 0.3 |
url: | /archive/1/509499 | Trust: 0.3 |
sources:
BID: 38181
CREDITS
Mariano Di Croce
Trust: 0.3
sources:
BID: 38181
SOURCES
db: | BID | id: | 38181 |
LAST UPDATE DATE
2022-05-17T02:10:06.608000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 38181 | date: | 2010-02-11T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 38181 | date: | 2010-02-11T00:00:00 |