Lucene search

[email protected]NVD:CVE-2019-0245

HistoryJan 08, 2019 - 8:29 p.m.

CVE-2019-0245

2019-01-0820:29:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

26.1%

JSON

SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Affected configurations

Nvd

Node

sapcustomer_relationship_management_webclient_uiMatch7.31

sapcustomer_relationship_management_webclient_uiMatch7.46

sapcustomer_relationship_management_webclient_uiMatch7.47

sapcustomer_relationship_management_webclient_uiMatch7.48

sapcustomer_relationship_management_webclient_uiMatch8.00

sapcustomer_relationship_management_webclient_uiMatch8.01

Node

saps4fndMatch1.02

Node

sapsapscoreMatch1.12

VendorProductVersionCPE
sapcustomer_relationship_management_webclient_ui7.31cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.31:*:*:*:*:*:*:*
sapcustomer_relationship_management_webclient_ui7.46cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.46:*:*:*:*:*:*:*
sapcustomer_relationship_management_webclient_ui7.47cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.47:*:*:*:*:*:*:*
sapcustomer_relationship_management_webclient_ui7.48cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.48:*:*:*:*:*:*:*
sapcustomer_relationship_management_webclient_ui8.00cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.00:*:*:*:*:*:*:*
sapcustomer_relationship_management_webclient_ui8.01cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.01:*:*:*:*:*:*:*
saps4fnd1.02cpe:2.3:a:sap:s4fnd:1.02:*:*:*:*:*:*:*
sapsapscore1.12cpe:2.3:a:sap:sapscore:1.12:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	customer_relationship_management_webclient_ui	7.31	cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.31:::::::*
sap	customer_relationship_management_webclient_ui	7.46	cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.46:::::::*
sap	customer_relationship_management_webclient_ui	7.47	cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.47:::::::*
sap	customer_relationship_management_webclient_ui	7.48	cpe:2.3:a:sap:customer_relationship_management_webclient_ui:7.48:::::::*
sap	customer_relationship_management_webclient_ui	8.00	cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.00:::::::*
sap	customer_relationship_management_webclient_ui	8.01	cpe:2.3:a:sap:customer_relationship_management_webclient_ui:8.01:::::::*
sap	s4fnd	1.02	cpe:2.3:a:sap:s4fnd:1.02:::::::*
sap	sapscore	1.12	cpe:2.3:a:sap:sapscore:1.12:::::::*

References

www.securityfocus.com/bid/106468

launchpad.support.sap.com/#/notes/2588763

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

26.1%

JSON

Related for NVD:CVE-2019-0245

cvelist1 cve1 prion1