← voltar
CVE-2025-0057

Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)

CVSS 4.8 MEDIUMEPSS 0.2%CWE-434
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 jan 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of victim's web browser.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
SAP_SE · SAP NetWeaver AS JAVA (User Admin Application)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3514421https://url.sap/sapsecuritypatchday