Lucene search

MitreCVE-2007-3496

HistoryJun 29, 2007 - 6:30 p.m.

CVE-2007-3496

2007-06-2918:30:00

mitre

web.nvd.nist.gov

sap

web dynpro

java

xss

vulnerability

netweaver

nw04

nvd

security

sap java technology services

sap web dynpro runtime core components

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

78.6%

JSON

Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

Affected configurations

Nvd

Node

sapnetweaver_nw04Matchsp15

sapnetweaver_nw04Matchsp16

sapnetweaver_nw04Matchsp17

sapnetweaver_nw04Matchsp18

sapnetweaver_nw04Matchsp19

sapnetweaver_nw04sMatchsp7

sapnetweaver_nw04sMatchsp8

sapnetweaver_nw04sMatchsp9

sapnetweaver_nw04sMatchsp10

sapnetweaver_nw04sMatchsp11

sapsap_basis_component_640Range≤sp19

sapsap_basis_component_700Range≤sp11

VendorProductVersionCPE
sapnetweaver_nw04sp15cpe:2.3:a:sap:netweaver_nw04:sp15:*:*:*:*:*:*:*
sapnetweaver_nw04sp16cpe:2.3:a:sap:netweaver_nw04:sp16:*:*:*:*:*:*:*
sapnetweaver_nw04sp17cpe:2.3:a:sap:netweaver_nw04:sp17:*:*:*:*:*:*:*
sapnetweaver_nw04sp18cpe:2.3:a:sap:netweaver_nw04:sp18:*:*:*:*:*:*:*
sapnetweaver_nw04sp19cpe:2.3:a:sap:netweaver_nw04:sp19:*:*:*:*:*:*:*
sapnetweaver_nw04ssp7cpe:2.3:a:sap:netweaver_nw04s:sp7:*:*:*:*:*:*:*
sapnetweaver_nw04ssp8cpe:2.3:a:sap:netweaver_nw04s:sp8:*:*:*:*:*:*:*
sapnetweaver_nw04ssp9cpe:2.3:a:sap:netweaver_nw04s:sp9:*:*:*:*:*:*:*
sapnetweaver_nw04ssp10cpe:2.3:a:sap:netweaver_nw04s:sp10:*:*:*:*:*:*:*
sapnetweaver_nw04ssp11cpe:2.3:a:sap:netweaver_nw04s:sp11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_nw04	sp15	cpe:2.3:a:sap:netweaver_nw04:sp15:::::::*
sap	netweaver_nw04	sp16	cpe:2.3:a:sap:netweaver_nw04:sp16:::::::*
sap	netweaver_nw04	sp17	cpe:2.3:a:sap:netweaver_nw04:sp17:::::::*
sap	netweaver_nw04	sp18	cpe:2.3:a:sap:netweaver_nw04:sp18:::::::*
sap	netweaver_nw04	sp19	cpe:2.3:a:sap:netweaver_nw04:sp19:::::::*
sap	netweaver_nw04s	sp7	cpe:2.3:a:sap:netweaver_nw04s:sp7:::::::*
sap	netweaver_nw04s	sp8	cpe:2.3:a:sap:netweaver_nw04s:sp8:::::::*
sap	netweaver_nw04s	sp9	cpe:2.3:a:sap:netweaver_nw04s:sp9:::::::*
sap	netweaver_nw04s	sp10	cpe:2.3:a:sap:netweaver_nw04s:sp10:::::::*
sap	netweaver_nw04s	sp11	cpe:2.3:a:sap:netweaver_nw04s:sp11:::::::*

Rows per page:

1-10 of 121

References

osvdb.org/37748

secunia.com/advisories/25866

securityreason.com/securityalert/2850

www.csnc.ch/advisory/sap01.html

www.securityfocus.com/archive/1/472341/100/0/threaded

www.vupen.com/english/advisories/2007/2381

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

78.6%

JSON

Related for CVE-2007-3496