CVE-2015-6663

Name of the Vulnerable Software and Affected Versions SAP Afaria version 7

Description The issue exists due to insufficient protection of the web page structure in the Device Inspector page of the SAP Afaria mobile device management program. This allows a remote attacker to inject arbitrary HTML code using a specially crafted request. The vulnerability can be exploited by injecting arbitrary web script or HTML via crafted client name data in the Client form on the Device Inspector page.

Recommendations For SAP Afaria version 7, consider restricting access to the Device Inspector page until a fix is available. As a temporary workaround, avoid using specially crafted client name data in the Client form to minimize the risk of exploitation.