ID CVE-2005-3635
Summary Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 15361
bugtraq 20051109 CYBSEC - Security Advisory: Multiple XSS in SAP WAS
misc http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
osvdb
  • 20716
  • 20717
sectrack 1015174
secunia 17515
sreason 162
vupen ADV-2005-2361
xf sap-fameset-systempublic-xss(23027)
Last major update 11-07-2017 - 01:33
Published 16-11-2005 - 21:22
Last modified 11-07-2017 - 01:33