CVE-2011-4707

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.

Related CPE's

asapnetweaver********

References

https://service.sap.com/sap/support/notes/1546307

http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a

http://dsecrg.com/pages/vul/show.php?id=336

20111117 [DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS

https://erpscan.io/advisories/dsecrg-11-036-sap-netwaver-virus-scan-interface-multiple-xss/

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.300000190734863

Created by Yello
About Severity.io