Lucene search

[email protected]CVE-2009-2932

HistoryAug 21, 2009 - 8:30 p.m.

CVE-2009-2932

2009-08-2120:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-2932

cross-site scripting

xss

sap netweaver

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.0%

JSON

Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.

Affected configurations

NVD

Node

sapnetweaverMatch7.0

CPENameOperatorVersion
sap:netweaversap netweavereq7.0

CPE	Name	Operator	Version
sap:netweaver	sap netweaver	eq	7.0

References

osvdb.org/57000

secunia.com/advisories/36228

www.dsecrg.com/pages/vul/show.php?id=133

www.securityfocus.com/archive/1/505697/100/0/threaded

www.securityfocus.com/bid/36034

www.securitytracker.com/id?1022731

exchange.xforce.ibmcloud.com/vulnerabilities/52429

service.sap.com/sap/support/notes/1322098

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.0%

JSON

Related for CVE-2009-2932

prion1 nvd1 cvelist1