CVE-2019-0388

Published: Nov 13, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.

Affected (6)

Products: Sap: Ui

Sap

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Sap Ui	Version 2.0
Sap Ui	Version 7.51
Sap Ui	Version 7.52
Sap Ui	Version 7.53
Sap Ui	Version 7.54
Sap Ui	Version 7.5

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (4)

https://launchpad.support.sap.com/#/notes/2843016

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2843016

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.