4.3

CVE-2007-3495

EPSS 0.51%
Veröffentlicht 29.06.2007 18:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Sap Basis Component 640 Version <= sp19

SAP ≫ Sap Basis Component 700 Version <= sp11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.654

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://osvdb.org/37749

http://secunia.com/advisories/25866

http://securityreason.com/securityalert/2849

http://www.csnc.ch/advisory/sap02.html

http://www.securityfocus.com/archive/1/472345/100/0/threaded

http://www.vupen.com/english/advisories/2007/2381

https://exchange.xforce.ibmcloud.com/vulnerabilities/35107

https://nvd.nist.gov/vuln/detail/CVE-2007-3495

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3495

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3495

EUVD