4.3
CVE-2007-3496
- EPSS 0.59%
- Published 29.06.2007 18:30:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Netweaver Nw04 Versionsp15
SAP ≫ Netweaver Nw04 Versionsp16
SAP ≫ Netweaver Nw04 Versionsp17
SAP ≫ Netweaver Nw04 Versionsp18
SAP ≫ Netweaver Nw04 Versionsp19
SAP ≫ Netweaver Nw04s Versionsp7
SAP ≫ Netweaver Nw04s Versionsp8
SAP ≫ Netweaver Nw04s Versionsp9
SAP ≫ Netweaver Nw04s Versionsp10
SAP ≫ Netweaver Nw04s Versionsp11
SAP ≫ Sap Basis Component 640 Version <= sp19
SAP ≫ Sap Basis Component 700 Version <= sp11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.682 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|