Description
Java Proxy Runtime (JPR) Transport servlet has vulnerability to reflected Cross-Site Scripting (XSS) attacks.
Attacker may specify unknown value of parameters with malicious
script commands and this could cause malicious script commands to execute in user’s browser.
Available fix and Supported packages
- SAP_XIAF | 7.00 | 7.02
- SAP_XIAF | 7.10 | 7.11
- SAP-XIAFC | 3.0 | 3.0
- SAP-XIAFC | 7.00 | 7.02
- XI ADAPTER FRAMEWORK 7.00 | SP018 | 000012
- XI ADAPTER FRAMEWORK 7.00 | SP019 | 000006
- XI ADAPTER FRAMEWORK 7.00 | SP020 | 000005
- XI ADAPTER FRAMEWORK 7.00 | SP021 | 000003
- XI ADAPTER FRAMEWORK 7.00 | SP022 | 000000
- XI ADAPTER FRAMEWORK 7.01 | SP003 | 000003
- XI ADAPTER FRAMEWORK 7.01 | SP004 | 000005
- XI ADAPTER FRAMEWORK 7.01 | SP005 | 000002
- XI ADAPTER FRAMEWORK 7.01 | SP006 | 000001
- XI ADAPTER FRAMEWORK 7.01 | SP007 | 000000
- XI ADAPTER FRAMEWORK 7.02 | SP004 | 000000
- XI ADAPTER FRAMEWORK 7.10 | SP006 | 000040
- XI ADAPTER FRAMEWORK 7.10 | SP007 | 000043
- XI ADAPTER FRAMEWORK 7.10 | SP008 | 000023
- XI ADAPTER FRAMEWORK 7.10 | SP009 | 000007
- XI ADAPTER FRAMEWORK 7.10 | SP010 | 000000
- XI ADAPTER FRAMEWORK 7.11 | SP001 | 000024
- XI ADAPTER FRAMEWORK 7.11 | SP002 | 000019
- XI ADAPTER FRAMEWORK 7.11 | SP003 | 000017
- XI ADAPTER FRAMEWORK 7.11 | SP004 | 000006
Affected component
- BC-XI-CON-JPR
Java Proxy Runtime
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1440336
