Lucene search

PRIOn knowledge basePRION:CVE-2008-2123

HistoryMay 09, 2008 - 6:20 p.m.

Cross site scripting

2008-05-0918:20:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.946 High

EPSS

Percentile

99.2%

JSON

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a “<>” sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.

CPENameOperatorVersion
internet_transaction_servereq6200.1017.509540-build730827

CPE	Name	Operator	Version
	internet_transaction_server	eq	6200.1017.509540-build730827

References

secunia.com/advisories/30128

www.portcullis-security.com/275.php

www.securityfocus.com/bid/29103

www.securitytracker.com/id?1019998

www.vupen.com/english/advisories/2008/1466/references

exchange.xforce.ibmcloud.com/vulnerabilities/42281

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.946 High

EPSS

Percentile

99.2%

JSON

Related for PRION:CVE-2008-2123