FKIE_CVE-2019-0319

Vulnerability from fkie_nvd - Published: 2019-07-10 19:15 - Updated: 2024-11-21 04:16
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
References
cna@sap.comhttp://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.htmlExploit, Third Party Advisory
cna@sap.comhttp://www.securityfocus.com/bid/109074Third Party Advisory, VDB Entry
cna@sap.comhttps://cxsecurity.com/ascii/WLB-2019050283Third Party Advisory
cna@sap.comhttps://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55fExploit, Third Party Advisory
cna@sap.comhttps://launchpad.support.sap.com/#/notes/2752614Permissions Required, Vendor Advisory
cna@sap.comhttps://launchpad.support.sap.com/#/notes/2911267
cna@sap.comhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/109074Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://cxsecurity.com/ascii/WLB-2019050283Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55fExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://launchpad.support.sap.com/#/notes/2752614Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://launchpad.support.sap.com/#/notes/2911267
af854a3a-2127-422b-91ae-364da2661108https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575Vendor Advisory
Impacted products
Vendor Product Version
sap gateway 7.5
sap gateway 7.51
sap gateway 7.52
sap gateway 7.53
sap ui5 1.0.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "55156CCE-56A8-43FD-87C3-1A4849656FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "1165027E-EAC9-4163-B2BC-0FD2E76D1665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "014A32BF-E695-4382-AE81-0209846FA99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:gateway:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E8220FC-05F3-4BE7-AF38-3BD917C5631A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:ui5:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A38FF70-E888-4768-82A8-3A44620F1F6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
    },
    {
      "lang": "es",
      "value": "SAP Gateway, versiones 7.5, 7.51, 7.52 y 7.53, permite a un atacante inyectar contenido que es desplegado en forma de mensaje de error. Por lo tanto, un atacante podr\u00eda enga\u00f1ar a un usuario para que crea que esta informaci\u00f3n es de servicio leg\u00edtimo cuando no lo es."
    }
  ],
  "id": "CVE-2019-0319",
  "lastModified": "2024-11-21T04:16:40.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-10T19:15:10.220",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/109074"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/ascii/WLB-2019050283"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2752614"
    },
    {
      "source": "cna@sap.com",
      "url": "https://launchpad.support.sap.com/#/notes/2911267"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/109074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cxsecurity.com/ascii/WLB-2019050283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2752614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.support.sap.com/#/notes/2911267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        },
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.