CVE-2007-3496
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SAP Web Dynpro Java (BC-WD-JAV) en SAP NetWeaver Nw04 SP15 hasta SP19 y Nw04s SP7 hasta SP11, también conocido como SAP Java TEchnology Services 640 anterior a SP20 y SAP Web Dynpro Runtime Core Components 700 anterior a SP12, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la cabecera HTTP User-Agent.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-06-29 CVE Reserved
- 2007-06-29 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/37748 | Vdb Entry | |
| http://secunia.com/advisories/25866 | Third Party Advisory | |
| http://securityreason.com/securityalert/2850 | Third Party Advisory | |
| http://www.csnc.ch/advisory/sap01.html | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/472341/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2007/2381 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Netweaver Nw04 Search vendor "Sap" for product "Netweaver Nw04" | sp15 Search vendor "Sap" for product "Netweaver Nw04" and version "sp15" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Nw04 Search vendor "Sap" for product "Netweaver Nw04" | sp16 Search vendor "Sap" for product "Netweaver Nw04" and version "sp16" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Nw04 Search vendor "Sap" for product "Netweaver Nw04" | sp17 Search vendor "Sap" for product "Netweaver Nw04" and version "sp17" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Nw04 Search vendor "Sap" for product "Netweaver Nw04" | sp18 Search vendor "Sap" for product "Netweaver Nw04" and version "sp18" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Nw04 Search vendor "Sap" for product "Netweaver Nw04" | sp19 Search vendor "Sap" for product "Netweaver Nw04" and version "sp19" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Nw04s Search vendor "Sap" for product "Netweaver Nw04s" | sp7 Search vendor "Sap" for product "Netweaver Nw04s" and version "sp7" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Nw04s Search vendor "Sap" for product "Netweaver Nw04s" | sp8 Search vendor "Sap" for product "Netweaver Nw04s" and version "sp8" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Nw04s Search vendor "Sap" for product "Netweaver Nw04s" | sp9 Search vendor "Sap" for product "Netweaver Nw04s" and version "sp9" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Nw04s Search vendor "Sap" for product "Netweaver Nw04s" | sp10 Search vendor "Sap" for product "Netweaver Nw04s" and version "sp10" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Nw04s Search vendor "Sap" for product "Netweaver Nw04s" | sp11 Search vendor "Sap" for product "Netweaver Nw04s" and version "sp11" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Sap Basis Component 640 Search vendor "Sap" for product "Sap Basis Component 640" | <= sp19 Search vendor "Sap" for product "Sap Basis Component 640" and version " <= sp19" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Sap Basis Component 700 Search vendor "Sap" for product "Sap Basis Component 700" | <= sp11 Search vendor "Sap" for product "Sap Basis Component 700" and version " <= sp11" | - |
Affected
| ||||||