CVE-2007-3495

Name of the Vulnerable Software and Affected Versions SAP Basis component versions 700 before SP12 SAP Basis component versions 640 before SP20

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF). These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.

Recommendations For SAP Basis component versions 700 before SP12, update to SP12 or later to resolve the issue. For SAP Basis component versions 640 before SP20, update to SP20 or later to resolve the issue.