CVE-2007-3495
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.
Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SAP Internet Communication Framework (BC-MID-ICF) en el componente de SAP Basis 700 anterior a SP12, y 640 anterior a SP20, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante ciertos parámetros asociados con la página de error por defecto del inicio de sesión.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-06-29 CVE Reserved
- 2007-06-29 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/37749 | Vdb Entry | |
| http://secunia.com/advisories/25866 | Third Party Advisory | |
| http://securityreason.com/securityalert/2849 | Third Party Advisory | |
| http://www.csnc.ch/advisory/sap02.html | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/472345/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2007/2381 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35107 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Sap Basis Component 640 Search vendor "Sap" for product "Sap Basis Component 640" | <= sp19 Search vendor "Sap" for product "Sap Basis Component 640" and version " <= sp19" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Sap Basis Component 700 Search vendor "Sap" for product "Sap Basis Component 700" | <= sp11 Search vendor "Sap" for product "Sap Basis Component 700" and version " <= sp11" | - |
Affected
| ||||||