CVE-2019-0321

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.3%
top 47.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SAP SE Abap Server AND Abap Platform (sap Basis)SAP Netweaver Application Server AbapSAP Netweaver AS Abap
Timeline
PublishedJul 10
Latest updateMay 24

Description

ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDsap/netweaver_as_abap7.4, 7.5+1

🔴Vulnerability Details

2
GHSA
GHSA-v6gj-m3g3-p36w: ABAP Server and ABAP Platform (SAP Basis), versions, 72022-05-24
CVEList
CVE-2019-0321: ABAP Server and ABAP Platform (SAP Basis), versions, 72019-07-10
CVE-2019-0321 (MEDIUM CVSS 6.1) | ABAP Server and ABAP Platform (SAP | cvebase.io