Vulners
Lucene search
SAP BusinessObjects Financial Consolidation 10.0.0.1933 Cross Site Scripting Vulnerability
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | SAP BusinessObjects Financial Consolidation Cross-Site Scripting Vulnerability | 28 Feb 201700:00 | – | cnvd |
 | CVE-2017-6061 | 16 Mar 201703:49 | – | cve |
 | CVE-2017-6061 | 16 Mar 201703:49 | – | cvelist |
 | EUVD-2017-15129 | 7 Oct 202500:30 | – | euvd |
 | CVE-2017-6061 | 16 Mar 201704:59 | – | nvd |
 | CVE-2017-6061 | 16 Mar 201704:59 | – | osv |
 | SAP BusinessObjects Financial Consolidation 10.0.0.1933 Cross Site Scripting | 27 Feb 201700:00 | – | packetstorm |
 | Cross site scripting | 16 Mar 201704:59 | – | prion |
[Description]
Cross-site scripting (XSS) vulnerability in the help component of SAP
BusinessObjects Financial Consolidation 10.0.0.1933 allows remote
attackers to inject arbitrary web script or HTML via a GET request.
------------------------------------------
[Additional Information]
The help pages of SAP BusinessObjects Financial Consolidation is
vulnerable to a reflected cross-site scripting (XSS) attack. The help
pages are build out of multiple iframes. The frameset.htm can be
requested with JavaScript code as part of the parameters. The
parameters are written using JavaScript into the "src" attribute of an
"iframe" tag. The JavaScript code reads the URL that is present in the
browser and does basic filtering based on regular expressions to
verify whether a URI is included in the argument. However this filter
can be bypassed.
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]
SAP
------------------------------------------
[Affected Product Code Base]
SAP BusinessObjects Financial Consolidation - 10.0.0.1933
------------------------------------------
[Affected Component]
Help component (/finance/help/en/frameset.htm)
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Attack Vectors]
An attacker could trick a user into clicking on the malicious link
redirecting the user to the trusted web application. However the
attacker can include malicious JavaScript code that for example loads
external content serving malware. The attacker could also create a web
application that is loaded as an iFrame to trick the victim into
entering his personal information or credentials to SAP BFC.
------------------------------------------
[Reference & Solution]
Credits: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=448476554
SAP Security Patch Day 11 / 2016: https://launchpad.support.sap.com/#/notes/2386447
SAP Security note: https://launchpad.support.sap.com/#/notes/2368106
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Deloitte, Sander Maas & Dima van de Wouw
------------------------------------------
[Reserved CVE]
CVE-2017-6061
# 0day.today [2018-04-14] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Feb 2017 00:00Current
0.4Low risk
Vulners AI Score0.4
EPSS0.00756