var-202304-0812
Vulnerability from variot
SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker. SAP of SAP NetWeaver and SAP Netweaver Application Server ABAP Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0812", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "netweaver application server abap", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "7.54" }, { "model": "netweaver application server abap", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "7.53" }, { "model": "netweaver application server abap", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "7.77" }, { "model": "netweaver application server abap", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "krnl64uc" }, { "model": "netweaver application server abap", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "7.22" }, { "model": "netweaver application server abap", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "7.81" }, { "model": "netweaver application server abap", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "7.89" }, { "model": "netweaver application server abap", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "krnl64uc_7.22" }, { "model": "netweaver", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "7.22ext" }, { "model": "netweaver application server abap", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "7.91" }, { "model": "netweaver application server abap", "scope": "eq", "trust": 1.0, "vendor": "sap", "version": "7.85" }, { "model": "netweaver", "scope": null, "trust": 0.8, "vendor": "sap", "version": null }, { "model": "netweaver application server abap", "scope": null, "trust": 0.8, "vendor": "sap", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-007137" }, { "db": "NVD", "id": "CVE-2023-27499" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.22ext:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.85:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.89:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.91:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-27499" } ] }, "cve": "CVE-2023-27499", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2023-27499", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-27499", "trust": 1.8, "value": "MEDIUM" }, { "author": "cna@sap.com", "id": "CVE-2023-27499", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202304-708", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-007137" }, { "db": "NVD", "id": "CVE-2023-27499" }, { "db": "NVD", "id": "CVE-2023-27499" }, { "db": "CNNVD", "id": "CNNVD-202304-708" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user\u0027s browser. The information from the victim\u0027s web browser can either be modified or read and sent to the attacker. SAP of SAP NetWeaver and SAP Netweaver Application Server ABAP Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with", "sources": [ { "db": "NVD", "id": "CVE-2023-27499" }, { "db": "JVNDB", "id": "JVNDB-2023-007137" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-27499", "trust": 3.2 }, { "db": "JVNDB", "id": "JVNDB-2023-007137", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202304-708", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-007137" }, { "db": "NVD", "id": "CVE-2023-27499" }, { "db": "CNNVD", "id": "CNNVD-202304-708" } ] }, "id": "VAR-202304-0812", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.27111164 }, "last_update_date": "2023-12-18T13:26:40.927000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SAP GUI Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234165" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-708" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-007137" }, { "db": "NVD", "id": "CVE-2023-27499" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" }, { "trust": 1.6, "url": "https://launchpad.support.sap.com/#/notes/3275458" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27499" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-27499/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-007137" }, { "db": "NVD", "id": "CVE-2023-27499" }, { "db": "CNNVD", "id": "CNNVD-202304-708" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-007137" }, { "db": "NVD", "id": "CVE-2023-27499" }, { "db": "CNNVD", "id": "CNNVD-202304-708" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-007137" }, { "date": "2023-04-11T03:15:07.547000", "db": "NVD", "id": "CVE-2023-27499" }, { "date": "2023-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-708" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-17T06:52:00", "db": "JVNDB", "id": "JVNDB-2023-007137" }, { "date": "2023-04-18T16:02:19.700000", "db": "NVD", "id": "CVE-2023-27499" }, { "date": "2023-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-708" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-708" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SAP\u00a0 of \u00a0SAP\u00a0NetWeaver\u00a0 and \u00a0SAP\u00a0Netweaver\u00a0Application\u00a0Server\u00a0ABAP\u00a0 Cross-site scripting vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-007137" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-708" } ], "trust": 0.6 } }
Loading...