Lucene search

[email protected]CVE-2007-3613

HistoryJul 06, 2007 - 7:30 p.m.

CVE-2007-3613

2007-07-0619:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3613

cross-site scripting

xss

sap

igs

vulnerability

web script

html

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.7%

JSON

Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.

Affected configurations

NVD

Node

sapinternet_graphics_serverMatch6.40

sapinternet_graphics_serverMatch6.40_patch_11

sapinternet_graphics_serverMatch6.40_patch_12

sapinternet_graphics_serverMatch6.40_patch_13

sapinternet_graphics_serverMatch6.40_patch_14

sapinternet_graphics_serverMatch6.40_patch_15

sapinternet_graphics_serverMatch7.00_patch_1

sapinternet_graphics_serverMatch7.00_patch_2

sapinternet_graphics_serverMatch7.00_patch_3

CPENameOperatorVersion
sap:internet_graphics_serversap internet graphics servereq6.40
sap:internet_graphics_serversap internet graphics servereq6.40_patch_11
sap:internet_graphics_serversap internet graphics servereq6.40_patch_12
sap:internet_graphics_serversap internet graphics servereq6.40_patch_13
sap:internet_graphics_serversap internet graphics servereq6.40_patch_14
sap:internet_graphics_serversap internet graphics servereq6.40_patch_15
sap:internet_graphics_serversap internet graphics servereq7.00_patch_1
sap:internet_graphics_serversap internet graphics servereq7.00_patch_2
sap:internet_graphics_serversap internet graphics servereq7.00_patch_3

CPE	Name	Operator	Version
sap:internet_graphics_server	sap internet graphics server	eq	6.40
sap:internet_graphics_server	sap internet graphics server	eq	6.40_patch_11
sap:internet_graphics_server	sap internet graphics server	eq	6.40_patch_12
sap:internet_graphics_server	sap internet graphics server	eq	6.40_patch_13
sap:internet_graphics_server	sap internet graphics server	eq	6.40_patch_14
sap:internet_graphics_server	sap internet graphics server	eq	6.40_patch_15
sap:internet_graphics_server	sap internet graphics server	eq	7.00_patch_1
sap:internet_graphics_server	sap internet graphics server	eq	7.00_patch_2
sap:internet_graphics_server	sap internet graphics server	eq	7.00_patch_3

References

osvdb.org/36480

secunia.com/advisories/25950

securityreason.com/securityalert/2865

www.ngssoftware.com/advisories/medium-risk-vulnerability-in-sap-internet-graphics-server/

www.securityfocus.com/archive/1/472889/100/0/threaded

www.securityfocus.com/bid/24775

www.securitytracker.com/id?1018339

www.vupen.com/english/advisories/2007/2452

exchange.xforce.ibmcloud.com/vulnerabilities/35280

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.7%

JSON

Related for CVE-2007-3613

prion1 nvd1 cvelist1