Unauthorized modification of displayed content-ISpeakAdapter, SAP security note 1442517

Description

ISpeakAdapter can be abused by a malicious user, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

CVSS Information

CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

SAP is providing this CVSS base score as an estimate of the risk posed by the issue reported in this note. This estimate does not take into consideration your own system configuration, or operational environment. It is not intended to replace any risk assessments you are advised to conduct when deciding the applicability or priority of this SAP security note. Please see the FAQ section on https://service.sap.com/securitynotes/ for more information.

Available fix and Supported packages

SAP_XIAF | 3.0 | 3.0
SAP_XIAF | 7.00 | 7.02
SAP_XIAF | 7.10 | 7.11
XI ADAPTER FRAMEWORK 3.0 | SP023 | 000010
XI ADAPTER FRAMEWORK 3.0 | SP024 | 000009
XI ADAPTER FRAMEWORK 3.0 | SP025 | 000003
XI ADAPTER FRAMEWORK 3.0 | SP026 | 000005
XI ADAPTER FRAMEWORK 3.0 | SP027 | 000001
XI ADAPTER FRAMEWORK 7.00 | SP020 | 000010
XI ADAPTER FRAMEWORK 7.00 | SP021 | 000008
XI ADAPTER FRAMEWORK 7.00 | SP022 | 000010
XI ADAPTER FRAMEWORK 7.00 | SP023 | 000000
XI ADAPTER FRAMEWORK 7.01 | SP005 | 000008
XI ADAPTER FRAMEWORK 7.01 | SP006 | 000007
XI ADAPTER FRAMEWORK 7.01 | SP007 | 000006
XI ADAPTER FRAMEWORK 7.01 | SP008 | 000000
XI ADAPTER FRAMEWORK 7.01 | SP009 | 000000
XI ADAPTER FRAMEWORK 7.02 | SP003 | 000003
XI ADAPTER FRAMEWORK 7.02 | SP004 | 000004
XI ADAPTER FRAMEWORK 7.02 | SP005 | 000002
XI ADAPTER FRAMEWORK 7.02 | SP006 | 000000
XI ADAPTER FRAMEWORK 7.02 | SP007 | 000000
XI ADAPTER FRAMEWORK 7.10 | SP006 | 000041

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1442517

Arpine Maghakyan

Unauthorized modification of displayed content-ISpeakAdapter, SAP security note 1442517

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#Reflected-Cross-Site-Scripting
#XSS
#ISpeak-Adapter

More to explorer

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

AI-powered Password Testing for ABAP stack

Arpine Maghakyan

Unauthorized modification of displayed content-ISpeakAdapter, SAP security note 1442517

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#Reflected-Cross-Site-Scripting#XSS#ISpeak-Adapter

More to explorer

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

AI-powered Password Testing for ABAP stack

#Reflected-Cross-Site-Scripting
#XSS
#ISpeak-Adapter