ID

VAR-201002-0329


TITLE

SAP WebDynpro Runtime Unspecified HTML Injection Vulnerability

Trust: 0.3

sources: BID: 38181

DESCRIPTION

SAP WebDynpro Runtime included in SAP NetWeaver is prone to an HTML-injection vulnerability because the application fails to sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Trust: 0.3

sources: BID: 38181

AFFECTED PRODUCTS

vendor: sap | model: netweaver 2004s | scope: eq | version: 0

Trust: 0.3

vendor: sap | model: netweaver | scope: eq | version: 20040

Trust: 0.3

vendor: sap | model: netweaver 2004s sp13 | scope: ne | version: -

Trust: 0.3

vendor: sap | model: netweaver sp21 | scope: ne | version: 2004

Trust: 0.3

sources: BID: 38181

THREAT TYPE

network

Trust: 0.3

sources: BID: 38181

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 38181

EXTERNAL IDS

db: BID | id: 38181

Trust: 0.3

sources: BID: 38181

REFERENCES

url:http://www.sap.com/platform/netweaver/index.epx

Trust: 0.3

url:/archive/1/509499

Trust: 0.3

sources: BID: 38181

CREDITS

Mariano Di Croce

Trust: 0.3

sources: BID: 38181

SOURCES

db: BID | id: 38181

LAST UPDATE DATE

2022-05-17T02:10:06.608000+00:00


SOURCES UPDATE DATE

db: BID | id: 38181 | date: 2010-02-11T00:00:00

SOURCES RELEASE DATE

db: BID | id: 38181 | date: 2010-02-11T00:00:00