CVE Vulnerability

CVE-2007-3495

Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.csnc.ch/advisory/sap02.html
http://secunia.com/advisories/25866
http://securityreason.com/securityalert/2849
http://www.vupen.com/english/advisories/2007/2381
http://osvdb.org/37749
https://exchange.xforce.ibmcloud.com/vulnerabilities/35107
http://www.securityfocus.com/archive/1/472345/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:sap:sap_basis_component_700:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis_component_640:*:*:*:*:*:*:*:*
Information

Published : 2007-06-29 06:30

Updated : 2018-10-16 04:50

NVD link : CVE-2007-3495

Mitre link : CVE-2007-3495

Products Affected
No products.
CWE
NVD-CWE-Other