Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2019-0316
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability..
CVSSv2.0 Score
- Severity
- Low
- Base Score
- 3.5/10
- Exploit Score
- 6.8/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- Single
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- None
- Integrity Impact
- Partial
CVSSv3.1 Score
- Severity
- Medium
- Base Score
- 4.8/10
- Exploit Score
- 1.7/10
- Access Vector
- Network
- Access Complexity
- Low
- Privileges Required
- High
- Impact Score
- 2.7/10
- Confidentiality Impact
- Low
- Availability Impact
- None
- Integrity Impact
- Low
- Scope
- Changed
- User Interaction
- Required
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:* |
Yes
|
- | - |