All the vulnerabilities related to sap - ui5
Vulnerability from fkie_nvd
Published
2018-06-12 15:29
Modified
2024-11-21 04:03
Summary
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7.50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00.
Impacted products
Vendor Product Version
sap hana_database 1.00
sap hana_database 2.00
sap ui 2.0
sap ui 7.40
sap ui 7.50
sap ui 7.51
sap ui 7.52
sap ui5 1.00
sap ui5_java 7.30
sap ui5_java 7.31
sap ui5_java 7.40
sap ui5_java 7.50



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:hana_database:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "528C05CB-315F-465C-8C25-EF85AA7D19B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:hana_database:2.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C6CA542-7071-48B6-B135-3AE9B4BB1DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui:2.0:*:*:*:*:netweaver_7.0:*:*",
              "matchCriteriaId": "BAC1FC47-D27B-4D31-B0CB-84CB75B9B314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui:7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A245CAD-2365-48F5-994D-65658825DA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui:7.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD311636-17EB-4DEA-8A9B-9539B4B43C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE480CB-D830-42D5-B297-3D5874AEFA36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "830F67FF-0DEA-4B07-A3E0-CDCD01888DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBC9A13-184E-403D-9F4C-435A46A3F92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5_java:7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "500E7A87-9E8C-464D-9316-F4F2FDECFDA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5_java:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "C959F430-EF52-48FE-838D-40B87019B61D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5_java:7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC625547-85B8-4E19-B7DC-32BC25603F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5_java:7.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01D0C09-61E9-48CE-8440-9513B79845B2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00"
    },
    {
      "lang": "es",
      "value": "SAP UI5 no valid\u00f3 las entradas de usuario antes de a\u00f1adirlas a la estructura DOM. Esto podr\u00eda conducir a que se a\u00f1ada al DOM c\u00f3digo JavaScript malicioso proporcionado por el usuario que podr\u00eda robar informaci\u00f3n del usuario. Los componentes de software afectados son: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52 y la versi\u00f3n 2.0 de SAP UI para SAP NetWeaver 7.00"
    }
  ],
  "id": "CVE-2018-2424",
  "lastModified": "2024-11-21T04:03:47.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cna@sap.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-12T15:29:00.307",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104459"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2538856"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2538856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-07-10 19:15
Modified
2024-11-21 04:16
Summary
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
References
cna@sap.com — http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html — Exploit, Third Party Advisory
cna@sap.com — http://www.securityfocus.com/bid/109074 — Third Party Advisory, VDB Entry
cna@sap.com — https://cxsecurity.com/ascii/WLB-2019050283 — Third Party Advisory
cna@sap.com — https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f — Exploit, Third Party Advisory
cna@sap.com — https://launchpad.support.sap.com/#/notes/2752614 — Permissions Required, Vendor Advisory
cna@sap.com — https://launchpad.support.sap.com/#/notes/2911267
cna@sap.com — https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 — Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html — Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — http://www.securityfocus.com/bid/109074 — Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 — https://cxsecurity.com/ascii/WLB-2019050283 — Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f — Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://launchpad.support.sap.com/#/notes/2752614 — Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://launchpad.support.sap.com/#/notes/2911267
af854a3a-2127-422b-91ae-364da2661108 — https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 — Vendor Advisory
Impacted products
Vendor Product Version
sap gateway 7.5
sap gateway 7.51
sap gateway 7.52
sap gateway 7.53
sap ui5 1.0.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "55156CCE-56A8-43FD-87C3-1A4849656FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "1165027E-EAC9-4163-B2BC-0FD2E76D1665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "014A32BF-E695-4382-AE81-0209846FA99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8220FC-05F3-4BE7-AF38-3BD917C5631A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A38FF70-E888-4768-82A8-3A44620F1F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
    },
    {
      "lang": "es",
      "value": "SAP Gateway, versiones 7.5, 7.51, 7.52 y 7.53, permite a un atacante inyectar contenido que es desplegado en forma de mensaje de error. Por lo tanto, un atacante podr\u00eda enga\u00f1ar a un usuario para que crea que esta informaci\u00f3n es de servicio leg\u00edtimo cuando no lo es."
    }
  ],
  "id": "CVE-2019-0319",
  "lastModified": "2024-11-21T04:16:40.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T19:15:10.220",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/109074"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/ascii/WLB-2019050283"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2752614"
    },
    {
      "source": "cna@sap.com",
      "url": "https://launchpad.support.sap.com/#/notes/2911267"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/109074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/ascii/WLB-2019050283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2752614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.support.sap.com/#/notes/2911267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        },
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-02-09 21:15
Modified
2024-11-21 05:48
Summary
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, and 1.86.1 allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Impacted products
Vendor Product Version
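sap ui5 * (before 1.38.49)
sap ui5 * (from 1.50.5, before 1.52.49)
sap ui5 * (from 1.60.1, before 1.60.34)
sap ui5 * (from 1.71.0, before 1.71.31)
sap ui5 * (from 1.78.0, before 1.78.18)
sap ui5 * (from 1.84.0, before 1.84.5)
sap ui5 * (from 1.85.0, before 1.85.4)
sap ui5 * (from 1.86.0, before 1.86.1)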



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:ui5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6980394-2B06-4660-B495-E81FF13058CA",
              "versionEndExcluding": "1.38.49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE5AAFE-6AFB-4F3C-9919-650611936BD7",
              "versionEndExcluding": "1.52.49",
              "versionStartIncluding": "1.50.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F88A1AE9-FF5E-4842-9C0E-A6C3DBB79CE6",
              "versionEndExcluding": "1.60.34",
              "versionStartIncluding": "1.60.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1646B5-02CE-480C-91CC-D9F7FD48AB0D",
              "versionEndExcluding": "1.71.31",
              "versionStartIncluding": "1.71.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D55323-DA22-4D9A-9D9D-4372A86BEF65",
              "versionEndExcluding": "1.78.18",
              "versionStartIncluding": "1.78.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BD70F05-C64D-4F82-A7AB-D512720211F2",
              "versionEndExcluding": "1.84.5",
              "versionStartIncluding": "1.84.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FE28A7-74C3-4976-8CA7-FE446F85CD84",
              "versionEndExcluding": "1.85.4",
              "versionStartIncluding": "1.85.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D89B55D-5557-44B8-A80C-212135299C08",
              "versionEndExcluding": "1.86.1",
              "versionStartIncluding": "1.86.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities."
    },
    {
      "lang": "es",
      "value": "SAP UI5, versiones anteriores a: 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1, permite a un atacante no autenticado redireccionar a usuarios a un sitio malicioso debido a vulnerabilidades de tipo Tabnabbing Inverso"
    }
  ],
  "id": "CVE-2021-21476",
  "lastModified": "2024-11-21T05:48:26.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cna@sap.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-09T21:15:13.533",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3014303"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3014303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-21476
Vulnerability from cvelistv5
Published
2021-02-09 20:44
Modified
2024-08-03 18:16
Summary
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, and 1.86.1 allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:16:22.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3014303"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP UI5",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.38.49"
            },
            {
              "status": "affected",
              "version": "\u003c 1.52.49"
            },
            {
              "status": "affected",
              "version": "\u003c 1.60.34"
            },
            {
              "status": "affected",
              "version": "\u003c 1.71.31"
            },
            {
              "status": "affected",
              "version": "\u003c 1.78.18"
            },
            {
              "status": "affected",
              "version": "\u003c 1.84.5"
            },
            {
              "status": "affected",
              "version": "\u003c 1.85.4"
            },
            {
              "status": "affected",
              "version": "\u003c 1.86.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Tabnabbing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-03T15:55:27",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3014303"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2021-21476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP UI5",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "1.38.49"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.52.49"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.60.34"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.71.31"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.78.18"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.84.5"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.85.4"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1.86.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "4.7",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Tabnabbing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/3014303",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3014303"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2021-21476",
    "datePublished": "2021-02-09T20:44:32",
    "dateReserved": "2020-12-30T00:00:00",
    "dateUpdated": "2024-08-03T18:16:22.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-2424
Vulnerability from cvelistv5
Published
2018-06-12 15:00
Modified
2024-08-05 04:21
Severity ?
Summary
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7.50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00.
Impacted products
Vendor Product Version
SAP SE SAP UI5 Version: 1.0
SAP SE SAP UI5(Java) Versions: 7.3, 7.31, 7.40, 7.50
SAP SE SAP UI Versions: 7.40, 7.50, 7.51, 7.52
SAP SE SAP UI for SAP NetWeaver 7.00 Version: 2.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:21:33.271Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2538856"
          },
          {
            "name": "104459",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104459"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP HANA Database",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "SAP UI5",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        },
        {
          "product": "SAP UI5(Java)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "7.3"
            },
            {
              "status": "affected",
              "version": "7.31"
            },
            {
              "status": "affected",
              "version": "7.40"
            },
            {
              "status": "affected",
              "version": "7.50"
            }
          ]
        },
        {
          "product": "SAP UI",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "7.40"
            },
            {
              "status": "affected",
              "version": "7.50"
            },
            {
              "status": "affected",
              "version": "7.51"
            },
            {
              "status": "affected",
              "version": "7.52"
            }
          ]
        },
        {
          "product": "SAP UI for SAP NetWeaver 7.00",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        }
      ],
      "datePublic": "2018-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-15T09:57:01",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2538856"
        },
        {
          "name": "104459",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104459"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2018-2424",
          "STATE": "PUBLIC",
          "vendor_name": "SAP SE"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP HANA Database",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP UI5",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP UI5(Java)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "7.3"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.31"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.40"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.50"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP UI",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "7.40"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.50"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.51"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.52"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP UI for SAP NetWeaver 7.00",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/2538856",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2538856"
            },
            {
              "name": "104459",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104459"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255",
              "refsource": "CONFIRM",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2018-2424",
    "datePublished": "2018-06-12T15:00:00",
    "dateReserved": "2017-12-15T00:00:00",
    "dateUpdated": "2024-08-05T04:21:33.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0319
Vulnerability from cvelistv5
Published
2019-07-10 18:51
Modified
2024-08-04 17:44
Severity ?
Summary
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:16.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "109074",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109074"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2752614"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cxsecurity.com/ascii/WLB-2019050283"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2911267"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Gateway",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.5"
            },
            {
              "status": "affected",
              "version": "\u003c 7.51"
            },
            {
              "status": "affected",
              "version": "\u003c 7.52"
            },
            {
              "status": "affected",
              "version": "\u003c 7.53"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Content Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-09T12:46:08",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "name": "109074",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109074"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2752614"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cxsecurity.com/ascii/WLB-2019050283"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2911267"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0319",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.5"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.51"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.52"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.53"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Content Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "109074",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109074"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2752614",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2752614"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
              "refsource": "CONFIRM",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            },
            {
              "name": "https://cxsecurity.com/ascii/WLB-2019050283",
              "refsource": "MISC",
              "url": "https://cxsecurity.com/ascii/WLB-2019050283"
            },
            {
              "name": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f",
              "refsource": "MISC",
              "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
            },
            {
              "name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2911267",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2911267"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2019-0319",
    "datePublished": "2019-07-10T18:51:55",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:44:16.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-201907-1475
Vulnerability from variot

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. SAP Gateway contains an injection vulnerability. Information may be altered. SAP Gateway is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied content to be passed in the context of the affected application; other attacks are also possible. The product allows non-SAP applications to connect to SAP applications, and can also connect to and access SAP applications on mobile devices.


[VulnerabilityType Other] Content Spoofing


[Vendor of Product] SAP


[Affected Product] SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53


[PoC] Tested in SAPUI5 1.0.0 PoC:

https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P ',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31


[Attack Type] Remote


[Reference] https://capec.mitre.org/data/definitions/148.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319


[Discoverer] Offensive0Labs - Rafael Fontes Souza

References below: "SAP Product Security Response Team seg, 8 de jul 04:33 (há 6 dias) para eu, SAP

Hello Rafael,

We are pleased to inform you that we are releasing the following security note on July Patch Day 2019:

Sec Incident ID(s) 1870475251

Security Note 2752614

Security Note Title [CVE-2019-0319] Content Injection Vulnerability in SAP Gateway

Advisory Plan Date 10/09/2019

Delivery date of fix/Patch Day 07/09/2019

CVSS Base Score 4.3

CVSS Base Vector NLNR | U | NLN

Credits go to:

Offensive0Labs, Rafael Fontes Souza

*Notes will be visible to customers on 9th of July 2019.

https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers

"



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1475",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.5"
      },
      {
        "model": "gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.51"
      },
      {
        "model": "gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.52"
      },
      {
        "model": "gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.53"
      },
      {
        "model": "ui5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "1.0.0"
      },
      {
        "model": "sapui5",
        "scope": null,
        "trust": 0.8,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.53"
      },
      {
        "model": "netweaver gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.52"
      },
      {
        "model": "netweaver gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.51"
      },
      {
        "model": "netweaver gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "109074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui5:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:gateway:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP,Rafael Fontes Souza",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-0319",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-0319",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-140350",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-0319",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-0319",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-462",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-140350",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not. SAP Gateway Contains an injection vulnerability.Information may be altered. SAP Gateway is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied content to be passed in context of the affected application ; Other attacks are also possible. The product supports non-SAP applications to connect to SAP applications, and can also connect and access SAP applications on mobile devices. \n\n------------------------------------------\n\n[VulnerabilityType Other]\nContent Spoofing\n\n------------------------------------------\n\n[Vendor of Product]\nSAP\n\n------------------------------------------\n\n[Affected Product]\nSAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53\n\n------------------------------------------\n\n[PoC]\nTested in SAPUI5 1.0.0\nPoC:\n\nhttps://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category=\u0027P\n\u0027,id=\u0027flp.settings.FlpSettings\u0027)?$expand=PersContainerItemsu1kpa_HACKED_\u0026sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31\n\n------------------------------------------\n\n[Attack Type]\nRemote\n\n------------------------------------------\n\n[Reference]\nhttps://capec.mitre.org/data/definitions/148.html\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319\n------------------------------------------\n\n[Discoverer]\nOffensive0Labs - Rafael Fontes Souza\n\n\n\n\nReferences below:\n\"SAP Product Security Response Team\nseg, 8 de jul 04:33 (h\u00e1 6 dias)\npara eu, SAP\n\nHello Rafael,\n\nWe are pleased to inform you that we are releasing the following security\nnote on July Patch Day 2019:\n\nSec Incident ID(s)  
1870475251\n\nSecurity Note   2752614\n\nSecurity Note Title  [CVE-2019-0319] Content Injection Vulnerability in SAP\nGateway\n\nAdvisory Plan Date  10/09/2019\n\nDelivery date of fix/Patch Day  07/09/2019\n\nCVSS Base Score  4.3\n\nCVSS Base Vector  NLNR | U | NLN\n\nCredits go to:\n\nOffensive0Labs, Rafael Fontes Souza\n\n*Notes will be visible to customers on 9th of July 2019. \n\nhttps://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers\n\n\"\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "BID",
        "id": "109074"
      },
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "PACKETSTORM",
        "id": "153661"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0319",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "109074",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "153661",
        "trust": 1.8
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2019050283",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-04338",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-140350",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "BID",
        "id": "109074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "PACKETSTORM",
        "id": "153661"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "id": "VAR-201907-1475",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:52:15.845000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP Security Patch Day - July 2019",
        "trust": 0.8,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575"
      },
      {
        "title": "SAP Gateway Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94601"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://packetstormsecurity.com/files/153661/sapui5-1.0.0-sap-gateway-7.5-7.51-7.52-7.53-content-spoofing.html"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/109074"
      },
      {
        "trust": 2.0,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575"
      },
      {
        "trust": 2.0,
        "url": "https://launchpad.support.sap.com/#/notes/2752614"
      },
      {
        "trust": 1.7,
        "url": "https://cxsecurity.com/ascii/wlb-2019050283"
      },
      {
        "trust": 1.7,
        "url": "https://drive.google.com/open?id=1agfqggvydehsk7mfisfkw7to60yif55f"
      },
      {
        "trust": 1.7,
        "url": "https://launchpad.support.sap.com/#/notes/2911267"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0319"
      },
      {
        "trust": 0.9,
        "url": "http://www.sap.com/"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0319"
      },
      {
        "trust": 0.1,
        "url": "https://wiki.scn.sap.com/wiki/display/psr/acknowledgments+to+security+researchers"
      },
      {
        "trust": 0.1,
        "url": "https://capec.mitre.org/data/definitions/148.html"
      },
      {
        "trust": 0.1,
        "url": "https://sapmobile.target.com/sap/opu/odata/ui2/interop/perscontainers(category=\u0027p"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "BID",
        "id": "109074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "PACKETSTORM",
        "id": "153661"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "db": "BID",
        "id": "109074"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "db": "PACKETSTORM",
        "id": "153661"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "BID",
        "id": "109074"
      },
      {
        "date": "2019-07-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "date": "2019-07-16T02:22:22",
        "db": "PACKETSTORM",
        "id": "153661"
      },
      {
        "date": "2019-07-10T19:15:10.220000",
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-140350"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "BID",
        "id": "109074"
      },
      {
        "date": "2019-07-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2019-0319"
      },
      {
        "date": "2020-06-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP Gateway Vulnerability in injection",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006514"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-462"
      }
    ],
    "trust": 0.6
  }
}

var-201806-1433
Vulnerability from variot

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7.50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00. SAP UI5 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201806-1433",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ui",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "sap",
        "version": "7.52"
      },
      {
        "model": "ui",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "sap",
        "version": "7.51"
      },
      {
        "model": "ui",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "sap",
        "version": "7.50"
      },
      {
        "model": "ui",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "sap",
        "version": "7.40"
      },
      {
        "model": "hana database",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "sap",
        "version": "1.00"
      },
      {
        "model": "ui",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "sap",
        "version": "2.0"
      },
      {
        "model": "ui5",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "sap",
        "version": "1.00"
      },
      {
        "model": "hana database",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "2.00"
      },
      {
        "model": "ui5 java",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.40"
      },
      {
        "model": "ui5 java",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.50"
      },
      {
        "model": "ui5 java",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "ui5 java",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.31"
      },
      {
        "model": "ui",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "5 1.00"
      },
      {
        "model": "ui",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "5 java 7"
      },
      {
        "model": "ui",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "50"
      },
      {
        "model": "ui",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "5 java 7.30"
      },
      {
        "model": "ui",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "5 java 7.31"
      },
      {
        "model": "ui",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "5 java 7.40"
      },
      {
        "model": "ui5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.50"
      },
      {
        "model": "ui5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.40"
      },
      {
        "model": "ui5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.31"
      },
      {
        "model": "ui5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "hana db",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "2.00"
      },
      {
        "model": "hana db",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "1.00"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-735"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui:7.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui:7.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui5_java:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui5_java:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui:2.0:*:*:*:*:netweaver_7.0:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui:7.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui5_java:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui5:1.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:hana_database:2.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:ui5_java:7.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:hana_database:1.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-2424"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "104459"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-2424",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-2424",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "cna@sap.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-2424",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-2424",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "cna@sap.com",
            "id": "CVE-2018-2424",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-735",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2424"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-735"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7.50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00. SAP UI5 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nRemote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-2424"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      },
      {
        "db": "BID",
        "id": "104459"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-2424",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "104459",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006576",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-735",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-735"
      }
    ]
  },
  "id": "VAR-201806-1433",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.27111164
  },
  "last_update_date": "2023-12-18T13:52:39.401000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "June 2018 Security Releases",
        "trust": 0.8,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=495289255"
      },
      {
        "title": "SAP Hana DB , UI5  and UI Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80900"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-735"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2424"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://launchpad.support.sap.com/#/notes/2538856"
      },
      {
        "trust": 1.9,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=495289255"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/104459"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-2424"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-2424"
      },
      {
        "trust": 0.3,
        "url": "http://www.sap.com"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-735"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "104459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-2424"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-735"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-12T00:00:00",
        "db": "BID",
        "id": "104459"
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      },
      {
        "date": "2018-06-12T15:29:00.307000",
        "db": "NVD",
        "id": "CVE-2018-2424"
      },
      {
        "date": "2018-06-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-735"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-12T00:00:00",
        "db": "BID",
        "id": "104459"
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      },
      {
        "date": "2019-10-09T23:40:05.667000",
        "db": "NVD",
        "id": "CVE-2018-2424"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-735"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-735"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP UI5 Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006576"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "104459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-735"
      }
    ],
    "trust": 0.9
  }
}