CVE-2019-0305
Published Jun 12, 2019
Last updated 3 years ago
Overview
- Description
- Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data.
- Source
- cna@sap.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-1021
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75E83C25-D30B-4459-A1F1-DE7EC9FD46BE"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "900D10B0-B47B-46B0-A0A9-8E41660429DD"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D57CEB9D-5C06-4B3E-A36E-5B8689CA5657"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3062CE84-B6E2-40DE-B7B1-0752FC21BFAD"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "587D81FB-B2ED-4184-9258-A38A18B36DC5"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A325699D-6AB0-4BBC-A21C-A974FA1612DE"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A3A3226-28D1-4B43-942B-F41BD340E746"
}
],
"operator": "OR"
}
]
}
]