SAP Netweaver 6.40-7.0 Cross-Site-Scripting

2008.04.16
Credit: Jaime Blasco
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Title: SAP Netweaver 6.40-7.0 Persistent Cross-Site-Scripting
Author: Jaime Blasco (at) aitsec.com
http://www.aitsec.com

Description:
SAP Netweaver has a web interface for accessing the filesystem of the portal. Users can leave "feedbacks" on files, and input passed to the content of these feedbacks is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Solution:
This issue can be solved by activating "Secure Editing" in the Portal (System Configuration -> System Configuration -> Knowledge management (in detailed Navigation) -> Utilities -> Editing -> HTML Editing).

Hence this issue can be solved via configuration. For more details see http://help.sap.com/saphelp_nw70/helpdata/EN/44/4cd511c6233f8ee10000000a1553f7/frameset.htm

NetWeaver 04 (6.40) SP17: http://help.sap.com/saphelp_nw04/helpdata/en/44/4d3ef6b5ac2152e10000000a114a6b/frameset.htm
NetWeaver 7.0 SP8: http://help.sap.com/saphelp_nw70/helpdata/EN/44/4cd511c6233f8ee10000000a1553f7/frameset.htm

As of NetWeaver 7.0 SP15 the secure editor is on by default (SAP note 1110597: https://service.sap.com/sap/support/notes/1110597).

Timeline:
* March 11: Initial contact.
* March 12: Confirmed
* April 5: Vendor response

Original Advisory:
http://www.aitsec.com/vulnerability-SAP-Netweaver-6.40-7.0-Cross-Site-Scripting.php



Copyright 2021, cxsecurity.com

 
