
CVSS: 6.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

• https://launchpad.support.sap.com/#/notes/3014303
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.5 • EPSS: 9% • CPEs: 5 • EXPL: 2

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.

• http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html
• http://www.securityfocus.com/bid/109074
• https://cxsecurity.com/ascii/WLB-2019050283
• https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f
• https://launchpad.support.sap.com/#/notes/2752614
• https://launchpad.support.sap.com/#/notes/2911267
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575

• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')