PT-2007-4756 · Sap · Sap Basis+1

Published

2007-06-29

Updated

2018-10-16

CVE-2007-3495

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SAP Basis component versions 700 before SP12 SAP Basis component versions 640 before SP20

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF). These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.

Recommendations For SAP Basis component versions 700 before SP12, update to SP12 or later to resolve the issue. For SAP Basis component versions 640 before SP20, update to SP20 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3495

Affected Products

Sap Basis

Sap Internet Communication Framework

PT-2007-4756 · Sap · Sap Basis+1

CVE-2007-3495

Related Identifiers

Affected Products

References · 8