CVE-2014-1965

Name of the Vulnerable Software and Affected Versions SAP NetWeaver versions 3.0, 7.00 through 7.02, 7.10 through 7.11

Description The issue is related to a cross-site scripting (XSS) vulnerability in the ISpeakAdapter component of the SAP Exchange Infrastructure. This vulnerability allows remote attackers to inject arbitrary web script or HTML via specific vectors related to PIP.

Recommendations For versions 3.0, 7.00 through 7.02, and 7.10 through 7.11, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the ISpeakAdapter component in the Integration Repository until a patch is available.