CVE-2019-0337

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Process Integration versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50

Description The issue is related to insufficient encoding of user-controlled inputs, allowing an attacker to execute malicious scripts in the URL, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. This can be exploited by a remote attacker to execute harmful scripts.

Recommendations For versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, consider implementing proper input validation and encoding to prevent malicious script execution. As a temporary workaround, restrict access to user-controlled input fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.