CVE-2019-0319

CWE-74CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
7.5HIGH
EPSS
0.8%
top 25.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SAP SE SAP GatewaySAP GatewaySAP UI5
Timeline
PublishedJul 10
Latest updateMay 24

Description

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5sap_se/sap_gateway< 7.5+3
NVDsap/gateway4 versions+3
NVDsap/ui51.0.0

🔴Vulnerability Details

2
GHSA
GHSA-rcw5-8m8m-5jcg: The SAP Gateway, versions 72022-05-24
CVEList
CVE-2019-0319: The SAP Gateway, versions 72019-07-10
CVE-2019-0319 (HIGH CVSS 7.5) | The SAP Gateway | cvebase.io