Medium severity6.1NVD Advisory· Published Aug 14, 2019· Updated Jun 17, 2026
CVE-2019-0337
CVE-2019-0337
Description
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability
Affected products
2- Range: 7.10, 7.11, 7.30, 7.31, 7.40, 7.50
- SAP SE/SAP NetWeaver Process Integration (Java Proxy Runtime)v5Range: < 7.10
Patches
Vulnerability mechanics
References
2- launchpad.support.sap.comnvdPermissions RequiredVendor Advisory
- wiki.scn.sap.com/wiki/pages/viewpage.actionnvdVendor Advisory
News mentions
0No linked articles in our index yet.