CVSS: 5.4 • EPSS: 0% • CPEs: 12 • EXPL: 0

SAP CRM WebClient UI (versions WEBCUIF 748, 800, 801, S4FND 102, 103) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. On successful exploitation, an authenticated attacker can cause limited impact on the confidentiality of the application. • https://launchpad.support.sap.com/#/notes/2788178 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. • https://launchpad.support.sap.com/#/notes/2843016 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 • CWE-290: Authentication Bypass by Spoofing

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

Under certain conditions, SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00. • http://www.securityfocus.com/bid/104446 https://launchpad.support.sap.com/#/notes/2621121 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255

CVSS: 9.8 • EPSS: 0% • CPEs: 12 • EXPL: 0

SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00. • http://www.securityfocus.com/bid/104459 https://launchpad.support.sap.com/#/notes/2538856 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255 • CWE-20: Improper Input Validation