CVE-2019-0305
CVE-2019-0305 is a vulnerability of currently unknown severity. Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in a clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of the user's data. EPSS estimates a 0.89% chance of exploitation in the next 30 days.
Description
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in a clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of the user's data.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver Process Integration | 7.10 |
| SAP | NetWeaver Process Integration | 7.11 |
| SAP | NetWeaver Process Integration | 7.20 |
| SAP | NetWeaver Process Integration | 7.30 |
| SAP | NetWeaver Process Integration | 7.31 |
| SAP | NetWeaver Process Integration | 7.40 |
| SAP | NetWeaver Process Integration | 7.50 |
References
- https://launchpad.support.sap.com/#/notes/2755502 (Permissions Required, Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
