SAP Enterprise Portal and Clients Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks

2017.09.27
Credit: Imran Khan
Risk: Medium
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Date: Sep 27 2017 Severity Rating: CVSS v3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) Fix Available: Yes Vendor Confirmed: Yes Version(s): SAP Enterprise Portal 7.50 and prior Description: A vulnerability was reported in SAP Enterprise Portal (EP) and Clients. A remote user can conduct cross-site scripting attacks. The software does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the SAP Enterprise Portal (EP) and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the SAP Enterprise Portal, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

References:

Web Dynpro Java -
https://launchpad.support.sap.com/#/notes/2469860
SAPGUI for HTML-
https://launchpad.support.sap.com/#/notes/2471209
Web Dynpro ABAP -
https://launchpad.support.sap.com/#/notes/2488516


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top