CVE-2019-0298

EPSS 1.3%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 May 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54.

Affected products

SAP SE · SAP E-Commerce (SAP-CRMJAV, SAP-CRMWEB, SAP-SHRWEB, SAP-SHRJAV, SAP-CRMAPP, SAP-SHRAPP)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://launchpad.support.sap.com/#/notes/2773086 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032 http://www.securityfocus.com/bid/108314