ID
VAR-201007-0623
TITLE
SAP NetWeaver System Landscape Directory Multiple Cross Site Scripting Vulnerabilities
Trust: 0.3
DESCRIPTION
The System Landscape Directory of SAP NetWeaver is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NetWeaver 6.4 through 7.02 are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.02 | Trust: 0.3 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.01 | Trust: 0.3 |
| vendor: | sap | model: | netweaver sp8 | scope: | eq | version: | 7.0 | Trust: 0.3 |
| vendor: | sap | model: | netweaver sp15 | scope: | eq | version: | 7.0 | Trust: 0.3 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.0 | Trust: 0.3 |
| vendor: | sap | model: | netweaver | scope: | eq | version: | 6.4 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 41913 | Trust: 0.3 |
REFERENCES
| url: | http://dsecrg.com/pages/vul/show.php?id=168 | Trust: 0.3 |
| url: | https://service.sap.com/sap/support/notes/1416047 | Trust: 0.3 |
| url: | http://www.sap.com/ | Trust: 0.3 |
| url: | http://help.sap.com/saphelp_nw04s/helpdata/en/31/f0ff69551e4f259fdad799a229363e/content.htm | Trust: 0.3 |
| url: | /archive/1/512585 | Trust: 0.3 |
CREDITS
Alexander Polyakov, Alexey Troshichev, Digital Security Research Group [DSecRG]
Trust: 0.3
SOURCES
| db: | BID | id: | 41913 |
LAST UPDATE DATE
2022-05-17T01:46:48.351000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 41913 | date: | 2010-07-13T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 41913 | date: | 2010-07-13T00:00:00 |