CVE-2019-0305 is a vulnerability in SAP Netweaver Process Integration
Published on June 12, 2019
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data.
Products Associated with CVE-2019-0305
Want to know whenever a new CVE is published for SAP Netweaver Process Integration? stack.watch will email you.
Affected Versions
SAP SE SAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL):- Version < 7.10 to 7.11 is affected.
- Version < 7.2 is affected.
- Version < 7.3 is affected.
- Version < 7.31 is affected.
- Version < 7.4 is affected.
- Version < 7.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.