Application: SAP NetWeaver AS JAVA **Versions Affected:**SAP NetWeaver AS JAVA 7.4 Vendor URL: SAP **Bugs:**XXS **Reported:**04.12.2015 **Vendor response:**05.12.2015 **Date of Public Advisory:**11.04.2017 **Reference: **SAP Security Note 2308535 Author: Vahagn Vardanyan (ERPScan)
Class: XSS
Impact: XSS on SAP NetWeaver Portal 7.4
Remotely Exploitable: yes
Locally Exploitable: no
CVE Name: CVE-2017-11460
CVSS v3 Base Score: 6.1 / 10
CVSS v3 Base Vector:
AV: Attack Vector (Related exploit range) | Network (N) |
---|---|
AC: Attack Complexity (Required attack complexity) | Low (L) |
PR: Privileges Required (Level of privileges needed to exploit) | None (N) |
UI: User Interaction (Required user participation) | Required ® |
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) | Changed © |
C: Impact to Confidentiality | Low (L) |
I: Impact to Integrity | Low (L) |
A: Impact to Availability | None (N) |
An anonymous attacker can use a special HTTP request to hijack session data of administrators or users of the web resource.
An attacker can use a Cross-Site Scripting vulnerability for injecting a malicious script into a page. The malicious script can access all cookies, session tokens, and other critical information stored by a browser and used for interaction with a web application. An attacker can gain access to the user session and learn business critical information, in some cases, it is possible to get control over this information. In addition, XSS can be used for unauthorized modifying of displayed content.
SAP NetWeaver 7.4
Other versions are probably affected too, but they were not checked.
To correct this vulnerability, install SAP Security Note 2308535
XSS on SAP NetWeaver 7.4
http://<host>:<port>/DataArchivingService/shp/shp_result.jsp?responsecode=%3Cimg%20src%3da%20onerror%3dalert%281%29%3E
1
|
http://<host>:<port>/DataArchivingService/shp/shp_result.jsp?responsecode=%3Cimg%20src%3da%20onerror%3dalert%281%29%3E
—|—