4.3

CVE-2007-3495

EPSS 0.51%
Published 29.06.2007 18:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Sap Basis Component 640 Version <= sp19

SAP ≫ Sap Basis Component 700 Version <= sp11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.654

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://osvdb.org/37749

http://secunia.com/advisories/25866

http://securityreason.com/securityalert/2849

http://www.csnc.ch/advisory/sap02.html

http://www.securityfocus.com/archive/1/472345/100/0/threaded

http://www.vupen.com/english/advisories/2007/2381

https://exchange.xforce.ibmcloud.com/vulnerabilities/35107

https://nvd.nist.gov/vuln/detail/CVE-2007-3495

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3495

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3495

EUVD