CVE-2016-3975
SAP NetWeaver AS JAVA 7.5 Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375.
Vulnerabilidad de XSS en SAP NetWeaver AS Java 7.1 hasta la versión 7.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro navigationTarget para irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, también conocida como SAP Security Note 2238375.
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a cross site scripting vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-04-07 CVE Reserved
- 2016-04-07 CVE Published
- 2024-05-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://erpscan.io/advisories/erpscan-16-014-sap-netweaver-7-4-navigationurltester | Third Party Advisory | |
| https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.com/files/137529/SAP-NetWeaver-AS-JAVA-7.5-Cross-Site-Scripting.html | 2024-08-06 | |
| http://seclists.org/fulldisclosure/2016/Jun/42 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | >= 7.10 <= 7.50 Search vendor "Sap" for product "Netweaver Application Server Java" and version " >= 7.10 <= 7.50" | - |
Affected
| ||||||