Advertisement






SAP Gateway versions 7.53 and SAPUI5 1.0.0 is vulnerable to Content Spoofing in multiples parameters

CVE Category Price Severity
CVE-2019-0319
Author Risk Exploitation Type Date
2019-07-15
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 0.76 0.05

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019070066

Below is a copy:

SAP Gateway versions 7.53 and SAPUI5 1.0.0 is vulnerable to Content Spoofing in multiples parameters
> [Description]
> SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 is vulnerable to Content Spoofing in multiples parameters. 
> 
> ------------------------------------------
> CVE
> CVE-2019-0319
>
> ------------------------------------------
> 
> [Impact]
> An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
> 
> ------------------------------------------
> 
> [VulnerabilityType Other]
> Content Spoofing 
> 
> ------------------------------------------
> 
> [Vendor of Product]
> SAP
> 
> ------------------------------------------
> 
> [Affected Product]
> SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53
> 
> ------------------------------------------
> 
> [PoC]
> Tested in SAPUI5 1.0.0 
> PoC:
> https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31
> 
> ------------------------------------------
> 
> [Attack Type]
> Remote
> 
> ------------------------------------------
> 
> [Reference]
> https://capec.mitre.org/data/definitions/148.html
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319
> ------------------------------------------
> 
> [Discoverer]
> Offensive0Labs - Rafael Fontes Souza

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.