PT-2010-4392 · Sap · Sap Netweaver

Published

2010-07-28

Updated

2017-08-17

CVE-2010-2904

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SAP NetWeaver versions 6.4 through 7.02

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the action parameter to testsdic and the helpstring parameter to paramhelp.jsp are vulnerable.

Recommendations For SAP NetWeaver versions 6.4 through 7.02, consider restricting access to the testsdic and paramhelp.jsp endpoints until a fix is available. As a temporary workaround, avoid using the action parameter in the testsdic endpoint and the helpstring parameter in the paramhelp.jsp endpoint.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2010-2904

Affected Products

Sap Netweaver

PT-2010-4392 · Sap · Sap Netweaver

CVE-2010-2904

Weakness Enumeration

Related Identifiers

Affected Products

References · 9