Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-11415

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

2.5%

top 14.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SAP Internet Transaction Server

Timeline

PublishedMay 24

Latest updateMay 14

Description

SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDsap/internet_transaction_server6.20

🔴Vulnerability Details

GHSA

GHSA-25wj-5m66-r5mg: SAP Internet Transaction Server (ITS) 6200↗2022-05-14

▶

CVEList

CVE-2018-11415: SAP Internet Transaction Server (ITS) 6200↗2018-05-24

▶

💥Exploits & PoCs

Exploit-DB

SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting↗2018-05-25

▶