CVE | Category | Price | Severity |
---|---|---|---|
CVE-2019-0319 |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
 | | | 2019-07-15 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 0.76 | 0.05 |
> [Description]
> SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 are vulnerable to Content Spoofing in multiple parameters.
>
> ------------------------------------------
> CVE
> CVE-2019-0319
>
> ------------------------------------------
>
> [Impact]
> An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Content Spoofing
>
> ------------------------------------------
>
> [Vendor of Product]
> SAP
>
> ------------------------------------------
>
> [Affected Product]
> SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53
>
> ------------------------------------------
>
> [PoC]
> Tested in SAPUI5 1.0.0
> PoC:
> https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://capec.mitre.org/data/definitions/148.html
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319
>
> ------------------------------------------
>
> [Discoverer]
> Offensive0Labs - Rafael Fontes Souza
Copyright ©2024 Exploitalert.