CVE-2019-0275

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Java Application Server versions 7.10 through 7.11 SAP NetWeaver Java Application Server version 7.20 SAP NetWeaver Java Application Server version 7.30 SAP NetWeaver Java Application Server version 7.31 SAP NetWeaver Java Application Server version 7.40 SAP NetWeaver Java Application Server version 7.50

Description The issue exists due to insufficient protection of the web page structure in the SAP NetWeaver Java Application Server. This can allow a remote attacker to inject arbitrary code into a loaded web page. The SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) issue.

Recommendations For SAP NetWeaver Java Application Server version 7.10, update to a version that includes the necessary security fixes. For SAP NetWeaver Java Application Server version 7.11, update to a version that includes the necessary security fixes. For SAP NetWeaver Java Application Server version 7.20, update to a version that includes the necessary security fixes. For SAP NetWeaver Java Application Server version 7.30, update to a version that includes the necessary security fixes. For SAP NetWeaver Java Application Server version 7.31, update to a version that includes the necessary security fixes. For SAP NetWeaver Java Application Server version 7.40, update to a version that includes the necessary security fixes. For SAP NetWeaver Java Application Server version 7.50, update to a version that includes the necessary security fixes.