CVE-2019-0316

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Process Integration versions 7.10 through 7.11 SAP NetWeaver Process Integration version 7.20 SAP NetWeaver Process Integration version 7.30 SAP NetWeaver Process Integration version 7.31 SAP NetWeaver Process Integration version 7.40 SAP NetWeaver Process Integration version 7.50

Description The issue is related to insufficient validation of user-controlled inputs, allowing an attacker with admin privileges to inject malicious scripts in certain servlets. This can lead to reflected Cross Site Scripting, enabling the attacker to read and modify data from the victim's browser when the victim clicks on malicious links. The vulnerability can be exploited remotely, allowing for cross-site scripting attacks.

Recommendations For SAP NetWeaver Process Integration version 7.10, update to a version that includes input validation to prevent Cross Site Scripting attacks. For SAP NetWeaver Process Integration version 7.11, update to a version that includes input validation to prevent Cross Site Scripting attacks. For SAP NetWeaver Process Integration version 7.20, update to a version that includes input validation to prevent Cross Site Scripting attacks. For SAP NetWeaver Process Integration version 7.30, update to a version that includes input validation to prevent Cross Site Scripting attacks. For SAP NetWeaver Process Integration version 7.31, update to a version that includes input validation to prevent Cross Site Scripting attacks. For SAP NetWeaver Process Integration version 7.40, update to a version that includes input validation to prevent Cross Site Scripting attacks. For SAP NetWeaver Process Integration version 7.50, update to a version that includes input validation to prevent Cross Site Scripting attacks. As a temporary workaround, consider restricting access to the vulnerable servlets until a patch is available.