PT-2019-4403 · Sap · Sap Ui 700+1
Publicado
2019-11-12
·
Atualizado
2019-11-20
·
CVE-2019-0388
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SAP UI5 versions prior to 7.5
SAP UI5 versions 7.51 through 7.54
SAP UI 700 version 2.0
Description
The issue is related to the HTTP handler of the SAP UI5 platform, which is vulnerable to authentication bypass via spoofing. This could allow a remote attacker to impact the integrity of protected information. The vulnerability is due to insufficient URL validation, allowing an attacker to manipulate content.
Recommendations
For SAP UI5 versions prior to 7.5, update to version 7.5 or later.
For SAP UI5 versions 7.51 through 7.54, update to a version outside of this range.
For SAP UI 700 version 2.0, update to a version later than 2.0.
Correção
Authentication Bypass by Spoofing
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sap Ui5
Sap Ui 700