mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
19b42ef5c6
commit
8682868322
@ -1,17 +1,71 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2019-0303",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-0303",
|
||||
"ASSIGNER": "cna@sap.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "SAP SE",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SAP BusinessObjects Business Intelligence Platform (Administration Console)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "<",
|
||||
"version_value": "4.2"
|
||||
},
|
||||
{
|
||||
"version_name": "<",
|
||||
"version_value": "4.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross Site Scripting"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
|
||||
"refsource": "MISC",
|
||||
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
|
||||
},
|
||||
{
|
||||
"url": "https://launchpad.support.sap.com/#/notes/2637997",
|
||||
"refsource": "MISC",
|
||||
"name": "https://launchpad.support.sap.com/#/notes/2637997"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,94 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2019-0316",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2019-0316",
|
||||
"ASSIGNER": "cna@sap.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "SAP SE",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SAP NetWeaver Process Integration(SAP_XIESR)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "<",
|
||||
"version_value": "7.20"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SAP NetWeaver Process Integration(SAP_XITOOL)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_name": "<",
|
||||
"version_value": "7.10 to 7.11"
|
||||
},
|
||||
{
|
||||
"version_name": "<",
|
||||
"version_value": "7.30"
|
||||
},
|
||||
{
|
||||
"version_name": "<",
|
||||
"version_value": "7.31"
|
||||
},
|
||||
{
|
||||
"version_name": "<",
|
||||
"version_value": "7.40"
|
||||
},
|
||||
{
|
||||
"version_name": "<",
|
||||
"version_value": "7.50"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim\u2019s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Scripting"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
|
||||
"refsource": "MISC",
|
||||
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
|
||||
},
|
||||
{
|
||||
"url": "https://launchpad.support.sap.com/#/notes/2745917",
|
||||
"refsource": "MISC",
|
||||
"name": "https://launchpad.support.sap.com/#/notes/2745917"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user