CVE-2019-0316 is a vulnerability in SAP Netweaver Process Integration
Published on June 14, 2019
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victims browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability.
Products Associated with CVE-2019-0316
Want to know whenever a new CVE is published for SAP Netweaver Process Integration? stack.watch will email you.
Affected Versions
SAP SE SAP NetWeaver Process Integration(SAP_XIESR):- Version < 7.20 is affected.
- Version < 7.10 to 7.11 is affected.
- Version < 7.30 is affected.
- Version < 7.31 is affected.
- Version < 7.40 is affected.
- Version < 7.50 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.