4.7
CVE-2026-34258
- EPSS 0.01%
- Veröffentlicht 12.05.2026 02:19:41
- Zuletzt bearbeitet 12.05.2026 14:19:41
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
Content Spoofing vulnerability in SAPUI5 (Search UI)
SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low impact on confidentiality with no effect on the integrity and availability of the application.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
≫
Produkt
SAPUI5 (Search UI)
Default Statusunaffected
Version
SAPUI5 1.108
Status
affected
Version
1.120
Status
affected
Version
1.136
Status
affected
Version
1.142
Status
affected
Version
1.71
Status
affected
Version
1.84
Status
affected
Version
1.96
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.025 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 4.7 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
|
CWE-451 User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.