Unrated severityNVD Advisory· Published Nov 16, 2005· Updated Apr 16, 2026

CVE-2005-3634

Description

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.

Affected products

SAP/Sap Web Application Server4 versions
cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*
- cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/15362nvdExploit
secunia.com/advisories/17515/nvdVendor Advisory
www.securitytracker.com/alerts/2005/Nov/1015174.htmlnvdVendor Advisory
marc.infonvd
securityreason.com/securityalert/163nvd
www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdfnvd
www.vupen.com/english/advisories/2005/2361nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23031nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000