CVE-2019-0319

high

Description

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.

References

Advisories
More

https://cxsecurity.com/ascii/WLB-2019050283

http://www.securityfocus.com/bid/109074

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575

https://launchpad.support.sap.com/#/notes/2911267

https://launchpad.support.sap.com/#/notes/2752614

https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f

http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html

Details

Source: Mitre, NVD

Published: 2019-07-10

Updated: 2020-08-24

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00972