CVE-2019-0316
CVE-2019-0316
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
14 jun 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability.
Productos afectados
SAP SE · SAP NetWeaver Process Integration(SAP_XIESR)SAP SE · SAP NetWeaver Process Integration(SAP_XITOOL)¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →