Description
The SOAP Adapter Helper servlet is vulnerable to reflected Cross-Site Scripting (XSS). An attacker may supply an unrecognized value for an input parameter that contains malicious script commands, which could cause those commands to execute in the user's browser.
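The flaw class described above, an unrecognized parameter value echoed back in the response, is shown here as an added example that is not SAP's code: the unsafe error path beside a hardened one. The class name, the `action` parameter and the allow-list values are assumptions made for illustration.

```java
import java.util.Set;

// Added illustration, not SAP's code: models a helper endpoint that reports
// an unrecognized parameter value back to the caller in an HTML error page.
public class HelperErrorPage {

    // Hypothetical allow-list of values the endpoint understands.
    private static final Set<String> RECOGNIZED = Set.of("status", "version", "ping");

    // Vulnerable pattern: the raw value is concatenated into the markup,
    // so any tags it contains become part of the page.
    static String renderUnsafe(String action) {
        if (action != null && RECOGNIZED.contains(action)) {
            return "<p>OK: " + action + "</p>";
        }
        return "<p>Unrecognized action: " + action + "</p>";
    }

    // Hardened pattern: only allow-listed values are emitted as-is; anything
    // else is HTML-encoded before it reaches the response body.
    static String renderSafe(String action) {
        if (action != null && RECOGNIZED.contains(action)) {
            return "<p>OK: " + action + "</p>";
        }
        return "<p>Unrecognized action: " + encodeForHtml(action) + "</p>";
    }

    // Minimal encoder for HTML text and quoted-attribute contexts.
    static String encodeForHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String constructed = "<script>alert(1)</script>"; // constructed test input
        System.out.println(renderUnsafe(constructed)); // markup passes through unchanged
        System.out.println(renderSafe(constructed));   // markup arrives as inert text
        System.out.println(renderSafe("status"));      // recognized value is unaffected
    }
}
```

The encoder covers HTML body and quoted-attribute output only; values written into script blocks or URLs need encoding specific to those contexts.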
Available fix and Supported packages
- SAP_XIAF | 3.0 | 3.0
- SAP_XIAF | 7.00 | 7.02
- SAP_XIAF | 7.10 | 7.11
- XI ADAPTER FRAMEWORK 3.0 | SP024 | 000010
- XI ADAPTER FRAMEWORK 3.0 | SP025 | 000004
- XI ADAPTER FRAMEWORK 3.0 | SP026 | 000004
- XI ADAPTER FRAMEWORK 7.00 | SP018 | 000012
- XI ADAPTER FRAMEWORK 7.00 | SP019 | 000010
- XI ADAPTER FRAMEWORK 7.00 | SP020 | 000012
- XI ADAPTER FRAMEWORK 7.00 | SP021 | 000010
- XI ADAPTER FRAMEWORK 7.00 | SP022 | 000008
- XI ADAPTER FRAMEWORK 7.00 | SP023 | 000000
- XI ADAPTER FRAMEWORK 7.00 | SP024 | 000000
- XI ADAPTER FRAMEWORK 7.01 | SP003 | 000003
- XI ADAPTER FRAMEWORK 7.01 | SP004 | 000008
- XI ADAPTER FRAMEWORK 7.01 | SP005 | 000010
- XI ADAPTER FRAMEWORK 7.01 | SP006 | 000009
- XI ADAPTER FRAMEWORK 7.01 | SP007 | 000004
- XI ADAPTER FRAMEWORK 7.01 | SP008 | 000000
- XI ADAPTER FRAMEWORK 7.01 | SP009 | 000000
- XI ADAPTER FRAMEWORK 7.02 | SP003 | 000002
- XI ADAPTER FRAMEWORK 7.02 | SP004 | 000003
- XI ADAPTER FRAMEWORK 7.02 | SP005 | 000001
Affected component
- BC-XI-CON-SOP (SOAP Adapter)
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1438191