CVE-2019-0319
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
SAP Gateway, versiones 7.5, 7.51, 7.52 y 7.53, permite a un atacante inyectar contenido que es desplegado en forma de mensaje de error. Por lo tanto, un atacante podría engañar a un usuario para que crea que esta información es de servicio legítimo cuando no lo es.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-11-26 CVE Reserved
- 2019-07-10 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/109074 | Third Party Advisory | |
| https://cxsecurity.com/ascii/WLB-2019050283 | Third Party Advisory | |
| https://launchpad.support.sap.com/#/notes/2911267 | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Gateway Search vendor "Sap" for product "Gateway" | 7.5 Search vendor "Sap" for product "Gateway" and version "7.5" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Gateway Search vendor "Sap" for product "Gateway" | 7.51 Search vendor "Sap" for product "Gateway" and version "7.51" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Gateway Search vendor "Sap" for product "Gateway" | 7.52 Search vendor "Sap" for product "Gateway" and version "7.52" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Gateway Search vendor "Sap" for product "Gateway" | 7.53 Search vendor "Sap" for product "Gateway" and version "7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Ui5 Search vendor "Sap" for product "Ui5" | 1.0.0 Search vendor "Sap" for product "Ui5" and version "1.0.0" | - |
Affected
| ||||||