SAP Web Application Server XSS Security Vulnerability

2008.05.24
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-023 Application: SAP Web Application Server Versions Affected: Version 7.0 Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru) Description *********** SAP Web Application Server system has Linked XSS security vulnerability Details ******* Linked XSS vulnerability found in URL /sap/bc/gui/sap/its/webgui/ attacker can inject XSS in URL string also Web Dynpro ABAP and for BSP are vulnerable. Example: http://[server]:8000/sap/bc/gui/sap/its/webgui/aaaaaaa"><img/src=javascr ipt:alert('DSECRG_XSS')> --------------------------------------------------------------------- Fix Information *************** The issue has been solved in the ICF system login and as such it is not only relevant for the Web GUI, but also for Web Dynpro ABAP and for BSP Customers can download patches following the solution is documented in SAP note 1136770 About ***** Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website. Contact: research [at] dsec [dot] ru http://www.dsec.ru


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top