PT-2007-4757 · Sap · Sap Java Technology Services+2

Publicado

2007-06-29

Atualizado

2018-10-16

CVE-2007-3496

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SAP NetWeaver versions Nw04 SP15 through SP19 SAP NetWeaver versions Nw04s SP7 through SP11 SAP Java Technology Services version 640 before SP20 SAP Web Dynpro Runtime Core Components version 700 before SP12

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

Recommendations For SAP NetWeaver versions Nw04 SP15 through SP19, update to a version after SP19. For SAP NetWeaver versions Nw04s SP7 through SP11, update to a version after SP11. For SAP Java Technology Services version 640 before SP20, update to SP20 or later. For SAP Web Dynpro Runtime Core Components version 700 before SP12, update to SP12 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-3496

Produtos afetados

Sap Java Technology Services

Sap Netweaver

Sap Web Dynpro Runtime Core Components

PT-2007-4757 · Sap · Sap Java Technology Services+2

CVE-2007-3496

Identificadores relacionados

Produtos afetados

Referências · 7