Unrated severityNVD Advisory· Published Jun 29, 2007· Updated Apr 23, 2026

CVE-2007-3495

Description

Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.

Affected products

SAP/Sap Basis Component 640
cpe:2.3:a:sap:sap_basis_component_640:*:*:*:*:*:*:*:*
Range: <=sp19
SAP/Sap Basis Component 700
cpe:2.3:a:sap:sap_basis_component_700:*:*:*:*:*:*:*:*
Range: <=sp11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/37749nvd
secunia.com/advisories/25866nvd
securityreason.com/securityalert/2849nvd
www.csnc.ch/advisory/sap02.htmlnvd
www.securityfocus.com/archive/1/472345/100/0/threadednvd
www.vupen.com/english/advisories/2007/2381nvd
exchange.xforce.ibmcloud.com/vulnerabilities/35107nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000