> [Description]
> SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 is vulnerable to Content Spoofing in multiples parameters.
>
> ------------------------------------------
> CVE
> CVE-2019-0319
>
> ------------------------------------------
>
> [Impact]
> An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Content Spoofing
>
> ------------------------------------------
>
> [Vendor of Product]
> SAP
>
> ------------------------------------------
>
> [Affected Product]
> SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53
>
> ------------------------------------------
>
> [PoC]
> Tested in SAPUI5 1.0.0
> PoC:
> https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://capec.mitre.org/data/definitions/148.html
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319
> ------------------------------------------
>
> [Discoverer]
> Offensive0Labs - Rafael Fontes Souza