November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2019-0271 SAP Netweaver ABAP Server XML External Entity Injection Vulnerability
March 13, 2019Rewterz Threat Advisory – CVE-2018-4832 Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software
March 13, 2019Rewterz Threat Advisory – CVE-2019-0271 SAP Netweaver ABAP Server XML External Entity Injection Vulnerability
March 13, 2019Rewterz Threat Advisory – CVE-2018-4832 Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software
March 13, 2019
Severity
Medium
Analysis Summary
SAP NetWeaver Java AS is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Impact
- Execution of arbitrary script code.
- Loss of credentials.
- Exposure of sensitive information.
Affected Products
SAP NetWeaver JAVA AS 7.50
SAP NetWeaver JAVA AS 7.40
SAP NetWeaver JAVA AS 7.31
SAP NetWeaver JAVA AS 7.30
SAP NetWeaver JAVA AS 7.20
SAP NetWeaver JAVA AS 7.11
SAP NetWeaver JAVA AS 7.10
Remediation
Vendor has not released updates or patches as of yet for this vulnerability.