Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Unauthorized modification of displayed content- SOAP Adapter, SAP security note 1438191

Description

SOAP Adapter Helper servlet has vulnerability to reflected Cross-Site Scripting (XSS) attacks. Attacker may specify unrecognized value of input parameter with malicious script commands and this could cause malicious script commands to execute in user’s browser.

Available fix and Supported packages

  • SAP_XIAF | 3.0 | 3.0
  • SAP_XIAF | 7.00 | 7.02
  • SAP_XIAF | 7.10 | 7.11
  • XI ADAPTER FRAMEWORK 3.0 | SP024 | 000010
  • XI ADAPTER FRAMEWORK 3.0 | SP025 | 000004
  • XI ADAPTER FRAMEWORK 3.0 | SP026 | 000004
  • XI ADAPTER FRAMEWORK 7.00 | SP018 | 000012
  • XI ADAPTER FRAMEWORK 7.00 | SP019 | 000010
  • XI ADAPTER FRAMEWORK 7.00 | SP020 | 000012
  • XI ADAPTER FRAMEWORK 7.00 | SP021 | 000010
  • XI ADAPTER FRAMEWORK 7.00 | SP022 | 000008
  • XI ADAPTER FRAMEWORK 7.00 | SP023 | 000000
  • XI ADAPTER FRAMEWORK 7.00 | SP024 | 000000
  • XI ADAPTER FRAMEWORK 7.01 | SP003 | 000003
  • XI ADAPTER FRAMEWORK 7.01 | SP004 | 000008
  • XI ADAPTER FRAMEWORK 7.01 | SP005 | 000010
  • XI ADAPTER FRAMEWORK 7.01 | SP006 | 000009
  • XI ADAPTER FRAMEWORK 7.01 | SP007 | 000004
  • XI ADAPTER FRAMEWORK 7.01 | SP008 | 000000
  • XI ADAPTER FRAMEWORK 7.01 | SP009 | 000000
  • XI ADAPTER FRAMEWORK 7.02 | SP003 | 000002
  • XI ADAPTER FRAMEWORK 7.02 | SP004 | 000003
  • XI ADAPTER FRAMEWORK 7.02 | SP005 | 000001

Affected component

    BC-XI-CON-SOP
    SOAP Adapter

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1438191

TAGS

#Reflected-Cross-Site-Scripting
#XSS
#SOAP-Adapter

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.