Description
There is a Reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end user’s browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.
Available fix and Supported packages
- CAF | 7.20 | 7.20
- CAF | 7.30 | 7.30
- CAF | 7.31 | 7.31
- CAF | 7.40 | 7.40
- CAF | 7.50 | 7.50
- SAP CAF 7.20 | SP009 | 000004
- SAP CAF 7.30 | SP019 | 000001
- SAP CAF 7.30 | SP020 | 000001
- SAP CAF 7.30 | SP021 | 000000
- SAP CAF 7.31 | SP024 | 000001
- SAP CAF 7.31 | SP025 | 000001
- SAP CAF 7.31 | SP026 | 000001
- SAP CAF 7.31 | SP027 | 000001
- SAP CAF 7.31 | SP028 | 000000
- SAP CAF 7.40 | SP019 | 000001
- SAP CAF 7.40 | SP020 | 000001
- SAP CAF 7.40 | SP021 | 000001
- SAP CAF 7.40 | SP022 | 000001
- SAP CAF 7.40 | SP023 | 000000
- SAP CAF 7.50 | SP014 | 000001
- SAP CAF 7.50 | SP015 | 000001
- SAP CAF 7.50 | SP016 | 000001
- SAP CAF 7.50 | SP017 | 000001
- SAP CAF 7.50 | SP018 | 000001
- SAP CAF 7.50 | SP019 | 000001
- SAP CAF 7.50 | SP020 | 000000
Affected component
- BC-DWB-JAV-CAF
Composite Application Framework
CVSS
Score: 8.2
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2972661
