CVE-2007-3496

Published: Jun 29, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

Affected (12)

Products: Sap: Netweaver Nw04, Netweaver Nw04s, Sap Basis Component 640, Sap Basis Component 700

Sap

4 products

Netweaver Nw04

Netweaver Nw04s

Sap Basis Component 640

Sap Basis Component 700

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Nw04	Version sp15
Sap Netweaver Nw04	Version sp16
Sap Netweaver Nw04	Version sp17
Sap Netweaver Nw04	Version sp18
Sap Netweaver Nw04	Version sp19
Sap Netweaver Nw04s	Version sp10
Sap Netweaver Nw04s	Version sp11
Sap Netweaver Nw04s	Version sp7
Sap Netweaver Nw04s	Version sp8
Sap Netweaver Nw04s	Version sp9
Sap Sap Basis Component 640	Up to sp19
Sap Sap Basis Component 700	Up to sp11