Vulnerabilites related to sap - sapui5
var-201907-1475
Vulnerability from variot
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. SAP Gateway Contains an injection vulnerability.Information may be altered. SAP Gateway is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied content to be passed in context of the affected application ; Other attacks are also possible. The product supports non-SAP applications to connect to SAP applications, and can also connect and access SAP applications on mobile devices.
[VulnerabilityType Other] Content Spoofing
[Vendor of Product] SAP
[Affected Product] SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53
[PoC] Tested in SAPUI5 1.0.0 PoC:
https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P ',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31
[Attack Type] Remote
[Reference] https://capec.mitre.org/data/definitions/148.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319
[Discoverer] Offensive0Labs - Rafael Fontes Souza
References below: "SAP Product Security Response Team seg, 8 de jul 04:33 (há 6 dias) para eu, SAP
Hello Rafael,
We are pleased to inform you that we are releasing the following security note on July Patch Day 2019:
Sec Incident ID(s) 1870475251
Security Note 2752614
Security Note Title [CVE-2019-0319] Content Injection Vulnerability in SAP Gateway
Advisory Plan Date 10/09/2019
Delivery date of fix/Patch Day 07/09/2019
CVSS Base Score 4.3
CVSS Base Vector NLNR | U | NLN
Credits go to:
Offensive0Labs, Rafael Fontes Souza
*Notes will be visible to customers on 9th of July 2019.
https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers
"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-1475",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "sap",
"version": "7.5"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "sap",
"version": "7.51"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "sap",
"version": "7.52"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "sap",
"version": "7.53"
},
{
"model": "ui5",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "1.0.0"
},
{
"model": "sapui5",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.53"
},
{
"model": "netweaver gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.52"
},
{
"model": "netweaver gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.51"
},
{
"model": "netweaver gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.5"
}
],
"sources": [
{
"db": "BID",
"id": "109074"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006514"
},
{
"db": "NVD",
"id": "CVE-2019-0319"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sap:gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sap:ui5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006514"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP,Rafael Fontes Souza",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-462"
}
],
"trust": 0.6
},
"cve": "CVE-2019-0319",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-0319",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-140350",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-0319",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0319",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-0319",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-462",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-140350",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140350"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006514"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-462"
},
{
"db": "NVD",
"id": "CVE-2019-0319"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not. SAP Gateway Contains an injection vulnerability.Information may be altered. SAP Gateway is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied content to be passed in context of the affected application ; Other attacks are also possible. The product supports non-SAP applications to connect to SAP applications, and can also connect and access SAP applications on mobile devices. \n\n------------------------------------------\n\n[VulnerabilityType Other]\nContent Spoofing\n\n------------------------------------------\n\n[Vendor of Product]\nSAP\n\n------------------------------------------\n\n[Affected Product]\nSAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53\n\n------------------------------------------\n\n[PoC]\nTested in SAPUI5 1.0.0\nPoC:\n\nhttps://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category=\u0027P\n\u0027,id=\u0027flp.settings.FlpSettings\u0027)?$expand=PersContainerItemsu1kpa_HACKED_\u0026sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31\n\n------------------------------------------\n\n[Attack Type]\nRemote\n\n------------------------------------------\n\n[Reference]\nhttps://capec.mitre.org/data/definitions/148.html\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319\n------------------------------------------\n\n[Discoverer]\nOffensive0Labs - Rafael Fontes Souza\n\n\n\n\nReferences below:\n\"SAP Product Security Response Team\nseg, 8 de jul 04:33 (h\u00e1 6 dias)\npara eu, SAP\n\nHello Rafael,\n\nWe are pleased to inform you that we are releasing the following security\nnote on July Patch Day 2019:\n\nSec Incident ID(s) 1870475251\n\nSecurity Note 2752614\n\nSecurity Note Title [CVE-2019-0319] Content Injection Vulnerability in SAP\nGateway\n\nAdvisory Plan Date 10/09/2019\n\nDelivery date of fix/Patch Day 07/09/2019\n\nCVSS Base Score 4.3\n\nCVSS Base Vector NLNR | U | NLN\n\nCredits go to:\n\nOffensive0Labs, Rafael Fontes Souza\n\n*Notes will be visible to customers on 9th of July 2019. \n\nhttps://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers\n\n\"\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0319"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006514"
},
{
"db": "BID",
"id": "109074"
},
{
"db": "VULHUB",
"id": "VHN-140350"
},
{
"db": "PACKETSTORM",
"id": "153661"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0319",
"trust": 2.9
},
{
"db": "BID",
"id": "109074",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "153661",
"trust": 1.8
},
{
"db": "CXSECURITY",
"id": "WLB-2019050283",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006514",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-462",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-04338",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-140350",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140350"
},
{
"db": "BID",
"id": "109074"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006514"
},
{
"db": "PACKETSTORM",
"id": "153661"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-462"
},
{
"db": "NVD",
"id": "CVE-2019-0319"
}
]
},
"id": "VAR-201907-1475",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-140350"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:51:42.570000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Patch Day - July 2019",
"trust": 0.8,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
},
{
"title": "SAP Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94601"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006514"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-462"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.9
},
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140350"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006514"
},
{
"db": "NVD",
"id": "CVE-2019-0319"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://packetstormsecurity.com/files/153661/sapui5-1.0.0-sap-gateway-7.5-7.51-7.52-7.53-content-spoofing.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/109074"
},
{
"trust": 2.0,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575"
},
{
"trust": 2.0,
"url": "https://launchpad.support.sap.com/#/notes/2752614"
},
{
"trust": 1.7,
"url": "https://cxsecurity.com/ascii/wlb-2019050283"
},
{
"trust": 1.7,
"url": "https://drive.google.com/open?id=1agfqggvydehsk7mfisfkw7to60yif55f"
},
{
"trust": 1.7,
"url": "https://launchpad.support.sap.com/#/notes/2911267"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0319"
},
{
"trust": 0.9,
"url": "http://www.sap.com/"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0319"
},
{
"trust": 0.1,
"url": "https://wiki.scn.sap.com/wiki/display/psr/acknowledgments+to+security+researchers"
},
{
"trust": 0.1,
"url": "https://capec.mitre.org/data/definitions/148.html"
},
{
"trust": 0.1,
"url": "https://sapmobile.target.com/sap/opu/odata/ui2/interop/perscontainers(category=\u0027p"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140350"
},
{
"db": "BID",
"id": "109074"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006514"
},
{
"db": "PACKETSTORM",
"id": "153661"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-462"
},
{
"db": "NVD",
"id": "CVE-2019-0319"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-140350"
},
{
"db": "BID",
"id": "109074"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006514"
},
{
"db": "PACKETSTORM",
"id": "153661"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-462"
},
{
"db": "NVD",
"id": "CVE-2019-0319"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-10T00:00:00",
"db": "VULHUB",
"id": "VHN-140350"
},
{
"date": "2019-07-09T00:00:00",
"db": "BID",
"id": "109074"
},
{
"date": "2019-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006514"
},
{
"date": "2019-07-16T02:22:22",
"db": "PACKETSTORM",
"id": "153661"
},
{
"date": "2019-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-462"
},
{
"date": "2019-07-10T19:15:10.220000",
"db": "NVD",
"id": "CVE-2019-0319"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-140350"
},
{
"date": "2019-07-09T00:00:00",
"db": "BID",
"id": "109074"
},
{
"date": "2019-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006514"
},
{
"date": "2020-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-462"
},
{
"date": "2024-11-21T04:16:40.700000",
"db": "NVD",
"id": "CVE-2019-0319"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-462"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Gateway Vulnerability in injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006514"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-462"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2023-05-09 02:15
Modified
2024-11-21 08:00
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3326210 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3326210 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sapui5:700:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA2988A-2A15-4BC8-9809-C15254D96199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sapui5:750:*:*:*:*:*:*:*",
"matchCriteriaId": "EC7D782B-47B8-4B96-9850-EE8F6EAC2026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sapui5:754:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB3E2E8-0E41-4931-A7D5-7CCC0DD0D55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sapui5:755:*:*:*:*:*:*:*",
"matchCriteriaId": "08696DC3-DCFE-4894-86FB-18B963F8A331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sapui5:756:*:*:*:*:*:*:*",
"matchCriteriaId": "36DEB649-1391-40FC-BF9C-11E820DA1E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sapui5:757:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D0AC05-A19D-48DF-9E2E-875A487C14E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user\u2019s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user\u2019s information through phishing attack.\n\n"
}
],
"id": "CVE-2023-30743",
"lastModified": "2024-11-21T08:00:48.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-09T02:15:12.397",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3326210"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3326210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
cve-2023-30743
Vulnerability from cvelistv5
Published
2023-05-09 01:35
Modified
2025-01-28 19:12
Severity ?
EPSS score ?
Summary
Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3326210"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T19:12:03.211096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T19:12:13.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAPUI5",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_UI 750"
},
{
"status": "affected",
"version": "SAP_UI 754"
},
{
"status": "affected",
"version": "SAP_UI 755"
},
{
"status": "affected",
"version": "SAP_UI 756"
},
{
"status": "affected",
"version": "SAP_UI 757"
},
{
"status": "affected",
"version": "UI_700 200"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user\u2019s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user\u2019s information through phishing attack.\u003c/p\u003e"
}
],
"value": "Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user\u2019s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user\u2019s information through phishing attack.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T01:35:47.761Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3326210"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Input in SAPUI5",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-30743",
"datePublished": "2023-05-09T01:35:47.761Z",
"dateReserved": "2023-04-14T06:01:02.875Z",
"dateUpdated": "2025-01-28T19:12:13.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}