Vulnerability CVE-2007-3496

Vulnerability CVE-2007-3496

Published: 2007-06-29 Modified: 2012-02-12

Description:

Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

See advisories in our WLB2 database:

	Topic	Author	Date
Low	SAP Web Dynpro Java (BC-WD-JAV) Vulnerability	Cyrill Brunschwi...	03.07.2007

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
SAP -> Netweaver nw04
SAP -> Netweaver nw04s
SAP -> Sap basis component 640
SAP -> Sap basis component 700

References:

http://securityreason.com/securityalert/2850

http://www.csnc.ch/advisory/sap01.html

http://www.securityfocus.com/archive/1/472341/100/0/threaded

http://www.vupen.com/english/advisories/2007/2381

Copyright 2024, cxsecurity.com