Skip links

Cross-Site Scripting (XSS) vulnerability in Unified Rendering / SAP GUI for HTML, SAP security note 2374661

Description

Unified Rendering does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Some well-known impacts of XSS vulnerability are –

  • non-permanently deface or modify displayed content from a Web site
  • steal authentication information of the user, such as data relating to his or her current session
  • impersonate the user and access all information with the same rights as the target user 

Available fix and Supported packages

  • KRNL64NUC | 7.42 | 7.42
  • KRNL64NUC | 7.22 | 7.22
  • KRNL64NUC | 7.22EXT | 7.22EXT
  • KRNL64NUC | 7.49 | 7.49
  • KRNL64UC | 7.42 | 7.42
  • KRNL64UC | 7.22 | 7.22
  • KRNL64UC | 7.22EXT | 7.22EXT
  • KRNL64UC | 7.49 | 7.49
  • AJAX-RUNTIME | 7.20 | 7.20
  • AJAX-RUNTIME | 7.30 | 7.30
  • AJAX-RUNTIME | 7.31 | 7.31
  • AJAX-RUNTIME | 7.40 | 7.40
  • AJAX-RUNTIME | 7.50 | 7.50
  • KERNEL | 7.22 | 7.22
  • KERNEL | 7.42 | 7.42
  • KERNEL | 7.45 | 7.45
  • KERNEL | 7.48 | 7.48
  • KERNEL | 7.49 | 7.49
  • KERNEL | 7.50 | 7.50
  • KERNEL | 7.51 | 7.51
  • JAVA FRAMEWORK OFFLINE 7.10 | SP022 | 000000
  • JAVA FRAMEWORK OFFLINE 7.11 | SP017 | 000000
  • JAVA FRAMEWORK OFFLINE 7.20 | SP009 | 000021
  • SAP KERNEL 7.22 64-BIT | SP216 | 000216
  • SAP KERNEL 7.22 64-BIT UNICODE | SP216 | 000216
  • SAP KERNEL 7.22 EXT 64-BIT | SP216 | 000216
  • SAP KERNEL 7.22 EXT 64-BIT UC | SP216 | 000216
  • SAP KERNEL 7.42 64-BIT | SP436 | 000436
  • SAP KERNEL 7.42 64-BIT UNICODE | SP436 | 000436
  • SAP KERNEL 7.45 64-BIT | SP316 | 000316
  • SAP KERNEL 7.45 64-BIT UNICODE | SP316 | 000316
  • SAP KERNEL 7.49 64-BIT | SP111 | 000111
  • SAP KERNEL 7.49 64-BIT UNICODE | SP111 | 000111
  • SAP KERNEL 7.50 64-BIT UNICODE | SP010 | 000010

Affected component

    BC-WD-UR
    Unified Rendering

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2374661

TAGS

#&65279-XSS
#stored-XSS
#reflected-XSS
#CSS&65279