> [Description] > SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 is vulnerable to Content Spoofing in multiples parameters. > > ------------------------------------------ > CVE > CVE-2019-0319 > > ------------------------------------------ > > [Impact] > An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. > > ------------------------------------------ > > [VulnerabilityType Other] > Content Spoofing > > ------------------------------------------ > > [Vendor of Product] > SAP > > ------------------------------------------ > > [Affected Product] > SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 > > ------------------------------------------ > > [PoC] > Tested in SAPUI5 1.0.0 > PoC: > https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31 > > ------------------------------------------ > > [Attack Type] > Remote > > ------------------------------------------ > > [Reference] > https://capec.mitre.org/data/definitions/148.html > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319 > ------------------------------------------ > > [Discoverer] > Offensive0Labs - Rafael Fontes Souza