Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for SAP Gateway by SAP SE

    CVE-2019-0338 (GCVE-0-2019-0338)

    Vulnerability from nvd – Published: 2019-08-14 13:49 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Gateway Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2793351"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Gateway",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-14T13:49:43.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2793351"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2793351",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2793351"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0338",
        "datePublished": "2019-08-14T13:49:43.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0319 (GCVE-0-2019-0319)

    Vulnerability from nvd – Published: 2019-07-10 18:51 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
    Severity
    No CVSS data available.
    CWE
    • Content Injection
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP Gateway Affected: < 7.5
    Affected: < 7.51
    Affected: < 7.52
    Affected: < 7.53
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "109074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109074"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2752614"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/ascii/WLB-2019050283"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2911267"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Gateway",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.5"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.51"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.52"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Content Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-09T12:46:08.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "109074",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109074"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2752614"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cxsecurity.com/ascii/WLB-2019050283"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2911267"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0319",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.5"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.51"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.52"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Content Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "109074",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109074"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2752614",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2752614"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
                },
                {
                  "name": "https://cxsecurity.com/ascii/WLB-2019050283",
                  "refsource": "MISC",
                  "url": "https://cxsecurity.com/ascii/WLB-2019050283"
                },
                {
                  "name": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f",
                  "refsource": "MISC",
                  "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2911267",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2911267"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0319",
        "datePublished": "2019-07-10T18:51:55.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0338 (GCVE-0-2019-0338)

    Vulnerability from cvelistv5 – Published: 2019-08-14 13:49 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Gateway Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2793351"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Gateway",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-14T13:49:43.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2793351"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2793351",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2793351"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0338",
        "datePublished": "2019-08-14T13:49:43.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0319 (GCVE-0-2019-0319)

    Vulnerability from cvelistv5 – Published: 2019-07-10 18:51 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
    Severity
    No CVSS data available.
    CWE
    • Content Injection
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP Gateway Affected: < 7.5
    Affected: < 7.51
    Affected: < 7.52
    Affected: < 7.53
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "109074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109074"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2752614"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/ascii/WLB-2019050283"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2911267"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Gateway",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.5"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.51"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.52"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Content Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-09T12:46:08.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "109074",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109074"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2752614"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cxsecurity.com/ascii/WLB-2019050283"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2911267"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0319",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.5"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.51"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.52"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Content Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "109074",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109074"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2752614",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2752614"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
                },
                {
                  "name": "https://cxsecurity.com/ascii/WLB-2019050283",
                  "refsource": "MISC",
                  "url": "https://cxsecurity.com/ascii/WLB-2019050283"
                },
                {
                  "name": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f",
                  "refsource": "MISC",
                  "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2911267",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2911267"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0319",
        "datePublished": "2019-07-10T18:51:55.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }