PT-2016-5807 · Sap · Sap Manufacturing Integration/Intelligence

Nursultan Abubakirov

Published

2016-04-14

Updated

2018-12-10

CVE-2016-4016

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAP Manufacturing Integration and Intelligence versions 15

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is achieved via the title parameter to the "webdynpro/resources/sap.com/xapps~~xmii~~ui~~admin~~navigation/NavigationApplication" API endpoint.

Recommendations For version 15, update to a version that includes the fix for SAP Security Note 2201295 to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2016-4016

Affected Products

Sap Manufacturing Integration/Intelligence

PT-2016-5807 · Sap · Sap Manufacturing Integration/Intelligence

CVE-2016-4016

Weakness Enumeration

Related Identifiers

Affected Products

References · 6