PT-2007-4757 · SAP · SAP Java Technology Services +2
Published: 2007-06-29 · Updated: 2018-10-16 · CVE-2007-3496
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver versions Nw04 SP15 through SP19
SAP NetWeaver versions Nw04s SP7 through SP11
SAP Java Technology Services version 640 before SP20
SAP Web Dynpro Runtime Core Components version 700 before SP12
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
Recommendations
For SAP NetWeaver versions Nw04 SP15 through SP19, update to a version after SP19.
For SAP NetWeaver versions Nw04s SP7 through SP11, update to a version after SP11.
For SAP Java Technology Services version 640 before SP20, update to SP20 or later.
For SAP Web Dynpro Runtime Core Components version 700 before SP12, update to SP12 or later.
Fix
Related Identifiers
Affected Products
SAP Java Technology Services
SAP NetWeaver
SAP Web Dynpro Runtime Core Components