SAP UI5 1.0.0 is vulnerable to Content Spoofing in multiple parameters

2019.05.27
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

> [Suggested description]
> SAPUI5 1.0.0 is vulnerable to Content Spoofing in multiple parameters.
>
> ------------------------------------------
>
> [Additional Information]
> https://imgur.com/a/EUf4KN3
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Content Spoofing
>
> ------------------------------------------
>
> [Vendor of Product]
> SAP
>
> ------------------------------------------
>
> [Affected Product Code Base]
> SAPUI5 - 1.0.0
>
> ------------------------------------------
>
> [Affected Component]
> SAPUI5 1.0.0
>
> PoC:
> https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Attack Vectors]
> https://imgur.com/a/EUf4KN3
>
> ------------------------------------------
>
> [Reference]
> https://capec.mitre.org/data/definitions/148.html
>
> ------------------------------------------
>
> [Discoverer]
> Offensive0Labs - Rafael Fontes Souza

References:

PoC:
https://imgur.com/a/EUf4KN3

On Tue, 27 Nov 2018 at 04:44, Secure@sap.com <Secure@sap.com> wrote:

Hi Rafael,

You will receive credits on our acknowledgement page. You can find more about SAP disclosure guidelines here:
https://wiki.scn.sap.com/wiki/display/PSR/Disclosure+Guidelines+for+SAP+Security+Advisories

Regards,
Ruchika Singh
mailto:secure@sap.com
Public PGP key: https://www.sap.com/dmc/policies/pgp/keyblock.txt
www.sap.com
Mandatory Disclosure Statements: http://www.sap.com/company/legal/impressum.epx


Copyright 2024, cxsecurity.com

 
