Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-0319

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.

Published

2019-07-10T19:15:10.220

Last Modified

2024-11-21T04:16:40.700

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-74
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	gateway	7.5	Yes
Application	sap	gateway	7.51	Yes
Application	sap	gateway	7.52	Yes
Application	sap	gateway	7.53	Yes
Application	sap	ui5	1.0.0	Yes

References

http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html Exploit, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/109074 Third Party Advisory, VDB Entry ([email protected])
https://cxsecurity.com/ascii/WLB-2019050283 Third Party Advisory ([email protected])
https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f Exploit, Third Party Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/2752614 Permissions Required, Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/2911267 ([email protected])
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 Vendor Advisory ([email protected])
http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/109074 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://cxsecurity.com/ascii/WLB-2019050283 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.support.sap.com/#/notes/2752614 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.support.sap.com/#/notes/2911267 (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)