ID
VAR-201007-0623
TITLE
SAP NetWeaver System Landscape Directory Multiple Cross Site Scripting Vulnerabilities
Trust: 0.3
DESCRIPTION
The System Landscape Directory of SAP NetWeaver is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NetWeaver 6.4 through 7.02 are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | sap | model: | netweaver | scope: | eq | version: | 7.02 | Trust: 0.3 |
vendor: | sap | model: | netweaver | scope: | eq | version: | 7.01 | Trust: 0.3 |
vendor: | sap | model: | netweaver sp8 | scope: | eq | version: | 7.0 | Trust: 0.3 |
vendor: | sap | model: | netweaver sp15 | scope: | eq | version: | 7.0 | Trust: 0.3 |
vendor: | sap | model: | netweaver | scope: | eq | version: | 7.0 | Trust: 0.3 |
vendor: | sap | model: | netweaver | scope: | eq | version: | 6.4 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 41913 | Trust: 0.3 |
REFERENCES
url: | http://dsecrg.com/pages/vul/show.php?id=168 | Trust: 0.3 |
url: | https://service.sap.com/sap/support/notes/1416047 | Trust: 0.3 |
url: | http://www.sap.com/ | Trust: 0.3 |
url: | http://help.sap.com/saphelp_nw04s/helpdata/en/31/f0ff69551e4f259fdad799a229363e/content.htm | Trust: 0.3 |
url: | /archive/1/512585 | Trust: 0.3 |
CREDITS
Alexander Polyakov, Alexey Troshichev, Digital Security Research Group [DSecRG]
Trust: 0.3
SOURCES
db: | BID | id: | 41913 |
LAST UPDATE DATE
2022-05-17T01:46:48.351000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 41913 | date: | 2010-07-13T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 41913 | date: | 2010-07-13T00:00:00 |