PT-2019-11225 · SAP · SAP NetWeaver Process Integration

Published: 2019-06-12 · Updated: 2021-07-21 · CVE-2019-0305

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
SAP NetWeaver Process Integration versions 7.10 through 7.11
SAP NetWeaver Process Integration version 7.20
SAP NetWeaver Process Integration version 7.30
SAP NetWeaver Process Integration version 7.31
SAP NetWeaver Process Integration version 7.40
SAP NetWeaver Process Integration version 7.50
Description: The issue arises from the failure of Java Server Pages (JSPs) to properly restrict frame objects or UI layers from other applications or domains, leading to a Clickjacking issue. This can result in the unwanted modification of a user's data if the vulnerability is successfully exploited.
Recommendations: For all affected SAP NetWeaver Process Integration versions (7.10 through 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50), update the JSPs to properly restrict frame objects or UI layers.

Fix

Clickjacking


Weakness Enumeration

Related Identifiers

CVE-2019-0305

Affected Products

SAP NetWeaver Process Integration