Design/Logic Flaw

2020-02-1220:15:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

CPENameOperatorVersion
abap_platformeq7.51
abap_platformeq7.52
abap_platformeq7.53
abap_platformeq7.54
abap_platformeq7.50
netweavereq7.30
netweavereq7.31
netweavereq7.02
netweavereq7.40

Name	Operator	Version
abap_platform	eq	7.51
abap_platform	eq	7.52
abap_platform	eq	7.53
abap_platform	eq	7.54
abap_platform	eq	7.50
netweaver	eq	7.30
netweaver	eq	7.31
netweaver	eq	7.02
netweaver	eq	7.40