Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-3496

Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

Published

2007-06-29T18:30:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap netweaver_nw04 sp15 Yes
Application sap netweaver_nw04 sp16 Yes
Application sap netweaver_nw04 sp17 Yes
Application sap netweaver_nw04 sp18 Yes
Application sap netweaver_nw04 sp19 Yes
Application sap netweaver_nw04s sp7 Yes
Application sap netweaver_nw04s sp8 Yes
Application sap netweaver_nw04s sp9 Yes
Application sap netweaver_nw04s sp10 Yes
Application sap netweaver_nw04s sp11 Yes
Application sap sap_basis_component_640 ≤ sp19 Yes
Application sap sap_basis_component_700 ≤ sp11 Yes
References