QwikSec

Security Database

CVE

CWE

Training

CVE-2019-0319

Published: Jul 10, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.

Vendor	Product	Versions
SAP SE	SAP Gateway	affected `< 7.5` affected `< 7.51` affected `< 7.52` affected `< 7.53`

References

vdb-entry

x_refsource_BID

https://launchpad.support.sap.com/#/notes/2752614

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575

x_refsource_CONFIRM

https://cxsecurity.com/ascii/WLB-2019050283

x_refsource_MISC

https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f

x_refsource_MISC

http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2911267

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.