CVE Vulnerability

CVE-2019-0319

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.securityfocus.com/bid/109074 Third Party Advisory VDB Entry
https://launchpad.support.sap.com/#/notes/2752614 Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 Vendor Advisory
https://cxsecurity.com/ascii/WLB-2019050283 Third Party Advisory
https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f Exploit Third Party Advisory
http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html Exploit Third Party Advisory
https://launchpad.support.sap.com/#/notes/2911267
Configurations

Configuration 1

cpe:2.3:a:sap:ui5:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:gateway:7.51:*:*:*:*:*:*:*
cpe:2.3:a:sap:gateway:7.52:*:*:*:*:*:*:*
cpe:2.3:a:sap:gateway:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:gateway:7.5:*:*:*:*:*:*:*
Information

Published : 2019-07-10 07:15

Updated : 2020-08-24 05:37

NVD link : CVE-2019-0319

Mitre link : CVE-2019-0319

Products Affected
No products.
CWE
CWE-74

CWE-79