ID

VAR-201007-0623


TITLE

SAP NetWeaver System Landscape Directory Multiple Cross Site Scripting Vulnerabilities

Trust: 0.3

sources: BID: 41913

DESCRIPTION

The System Landscape Directory of SAP NetWeaver is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NetWeaver 6.4 through 7.02 are vulnerable.

Trust: 0.3

sources: BID: 41913

AFFECTED PRODUCTS

vendor: sap, model: netweaver, scope: eq, version: 7.02

Trust: 0.3

vendor: sap, model: netweaver, scope: eq, version: 7.01

Trust: 0.3

vendor: sap, model: netweaver sp8, scope: eq, version: 7.0

Trust: 0.3

vendor: sap, model: netweaver sp15, scope: eq, version: 7.0

Trust: 0.3

vendor: sap, model: netweaver, scope: eq, version: 7.0

Trust: 0.3

vendor: sap, model: netweaver, scope: eq, version: 6.4

Trust: 0.3

sources: BID: 41913

THREAT TYPE

network

Trust: 0.3

sources: BID: 41913

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 41913

EXTERNAL IDS

db: BID, id: 41913

Trust: 0.3

sources: BID: 41913

REFERENCES

url:http://dsecrg.com/pages/vul/show.php?id=168

Trust: 0.3

url:https://service.sap.com/sap/support/notes/1416047

Trust: 0.3

url:http://www.sap.com/

Trust: 0.3

url:http://help.sap.com/saphelp_nw04s/helpdata/en/31/f0ff69551e4f259fdad799a229363e/content.htm

Trust: 0.3

url:/archive/1/512585

Trust: 0.3

sources: BID: 41913

CREDITS

Alexander Polyakov, Alexey Troshichev, Digital Security Research Group [DSecRG]

Trust: 0.3

sources: BID: 41913

SOURCES

db: BID, id: 41913

LAST UPDATE DATE

2022-05-17T01:46:48.351000+00:00


SOURCES UPDATE DATE

db: BID, id: 41913, date: 2010-07-13T00:00:00

SOURCES RELEASE DATE

db: BID, id: 41913, date: 2010-07-13T00:00:00