Lucene search

[email protected]CVE-2007-3495

HistoryJun 29, 2007 - 6:30 p.m.

CVE-2007-3495

2007-06-2918:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3495

sap

xss

vulnerabilities

security

nvd

sp12

sp20

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.

Affected configurations

NVD

Node

sapsap_basis_component_640Range≤sp19

sapsap_basis_component_700Range≤sp11

CPENameOperatorVersion
sap:sap_basis_component_640sap sap basis component 640lesp19
sap:sap_basis_component_700sap sap basis component 700lesp11

CPE	Name	Operator	Version
sap:sap_basis_component_640	sap sap basis component 640	le	sp19
sap:sap_basis_component_700	sap sap basis component 700	le	sp11

References

osvdb.org/37749

secunia.com/advisories/25866

securityreason.com/securityalert/2849

www.csnc.ch/advisory/sap02.html

www.securityfocus.com/archive/1/472345/100/0/threaded

www.vupen.com/english/advisories/2007/2381

exchange.xforce.ibmcloud.com/vulnerabilities/35107

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CVE-2007-3495

prion1 cvelist1 nvd1