

Rewterz Threat Advisory – CVE-2019-0271 SAP Netweaver ABAP Server XML External Entity Injection Vulnerability
March 13, 2019
Rewterz Threat Advisory – CVE-2018-4832 Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software
March 13, 2019
Rewterz Threat Advisory – CVE-2019-0271 SAP Netweaver ABAP Server XML External Entity Injection Vulnerability
March 13, 2019
Rewterz Threat Advisory – CVE-2018-4832 Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software
March 13, 2019Severity
Medium
Analysis Summary
SAP NetWeaver Java AS is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Impact
- Execution of arbitrary script code.
- Loss of credentials.
- Exposure of sensitive information.
Affected Products
SAP NetWeaver JAVA AS 7.50
SAP NetWeaver JAVA AS 7.40
SAP NetWeaver JAVA AS 7.31
SAP NetWeaver JAVA AS 7.30
SAP NetWeaver JAVA AS 7.20
SAP NetWeaver JAVA AS 7.11
SAP NetWeaver JAVA AS 7.10
Remediation
Vendor has not released updates or patches as of yet for this vulnerability.