CVE-2019-0337

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 56.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Process Integration (java Proxy Runtime)SAP Netweaver Process Integration

Timeline

PublishedAug 14

Latest updateMay 24

Description

Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_process_integration_(java_proxy_runtime)< 7.10+5

▶NVDsap/netweaver_process_integration6 versions+5

🔴Vulnerability Details

GHSA

GHSA-c356-2qc6-xmc3: Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7↗2022-05-24

▶

CVEList

CVE-2019-0337: Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7↗2019-08-14

▶