Unrated severityNVD Advisory· Published Jun 12, 2019· Updated Aug 4, 2024

CVE-2019-0305

Description

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data.

Affected products

SAP/NetWeaver Process Integrationllm-fuzzy
Range: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
SAP SE/SAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL)v5
Range: < 7.10 to 7.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

launchpad.support.sap.commitrex_refsource_MISC
wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000