SAP Gateway versions 7.53 and SAPUI5 1.0.0 are vulnerable to Content Spoofing in multiple parameters

2019.07.15
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-74


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

> [Description]
> SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 are vulnerable to Content Spoofing in multiple parameters.
>
> ------------------------------------------
> CVE
> CVE-2019-0319
>
> ------------------------------------------
>
> [Impact]
> An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Content Spoofing
>
> ------------------------------------------
>
> [Vendor of Product]
> SAP
>
> ------------------------------------------
>
> [Affected Product]
> SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53
>
> ------------------------------------------
>
> [PoC]
> Tested in SAPUI5 1.0.0
> PoC:
> https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://capec.mitre.org/data/definitions/148.html
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319
> ------------------------------------------
>
> [Discoverer]
> Offensive0Labs - Rafael Fontes Souza
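A defender-side check for the request shape shown in the PoC, as an added example that is not part of the original advisory or of SAP's code: it flags OData requests whose `$expand` value is not a known expand path for the entity set. The allowlist contents, the function names and the sample request lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: expand paths the client legitimately sends, keyed by entity set.
# "PersContainerItems" is inferred from the prefix of the PoC value; in
# practice, build this table from the service's $metadata document.
ALLOWED_EXPAND = {"PersContainers": {"PersContainerItems"}}

# Constructed sample request lines (method, URL, protocol); not real traffic.
_BASE = ("/sap/opu/odata/UI2/INTEROP/PersContainers"
         "(category='P',id='flp.settings.FlpSettings')")
SAMPLE_LOG = [
    "GET " + _BASE + "?$expand=PersContainerItems HTTP/1.1",
    "GET " + _BASE + "?$expand=PersContainerItemsu1kpa_HACKED_"
    "&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31 HTTP/1.1",
    # Percent-encoded parameter name and a comma-separated expand list.
    "GET " + _BASE + "?%24expand=PersContainerItems,Other HTTP/1.1",
]


def entity_set(path):
    """Return the entity set name from the last OData path segment."""
    last = unquote(path).rstrip("/").rsplit("/", 1)[-1]
    return last.split("(", 1)[0]  # drop the key predicate "(...)"


def unknown_expand_items(url):
    """Return the $expand items that are not allowlisted for the entity set."""
    parts = urlsplit(url)
    # Default-deny: an entity set with no table entry allows no expand path.
    allowed = ALLOWED_EXPAND.get(entity_set(parts.path), set())
    bad = []
    # parse_qs decodes names and values, so "%24expand" is matched as well.
    for value in parse_qs(parts.query).get("$expand", []):
        for item in value.split(","):  # $expand is a comma-separated list
            if item.strip() not in allowed:
                bad.append(item.strip())
    return bad


def flag_requests(lines):
    """Return (url, bad_items) for each request line that fails the check."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 2 and unknown_expand_items(fields[1]):
            hits.append((fields[1], unknown_expand_items(fields[1])))
    return hits
```

The same allowlist comparison can run in a reverse proxy or WAF rule in front of the Gateway, so that a non-matching value is rejected with a fixed error message rather than passed through.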


Copyright 2019, cxsecurity.com

 
