The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when itβs not.
[
{
"product": "SAP Gateway",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 7.5"
},
{
"status": "affected",
"version": "< 7.51"
},
{
"status": "affected",
"version": "< 7.52"
},
{
"status": "affected",
"version": "< 7.53"
}
]
}
]
packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html
www.securityfocus.com/bid/109074
cxsecurity.com/ascii/WLB-2019050283
drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f
launchpad.support.sap.com/#/notes/2752614
launchpad.support.sap.com/#/notes/2911267
wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575