PT-2014-5711 · Sap · Sap Netweaver Business Client

Publicado

2014-06-13

Atualizado

2014-06-21

CVE-2014-4160

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Business Client (NWBC) (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node of SAP NetWeaver Business Client (NWBC). These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the title or sap-accessibility parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2014-4160

Produtos afetados

Sap Netweaver Business Client

PT-2014-5711 · Sap · Sap Netweaver Business Client

CVE-2014-4160

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5