
    6 vulnerabilities found for gateway by sap

    VAR-201908-1852

    Vulnerability from variot - Updated: 2024-11-23 22:58

    During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP header attributes Cache-Control and Pragma were not properly set, allowing an attacker to access restricted information, resulting in information disclosure. Without restrictive caching directives, a response can be retained by a browser or an intermediary cache, which is presumably how the restricted data becomes retrievable by another party. SAP Gateway contains an information disclosure vulnerability. Information may be obtained. The product supports non-SAP applications to connect to SAP applications, and can also connect and access SAP applications on mobile devices. An attacker could exploit this vulnerability to access restricted information.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1852",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sap",
            "version": "750"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sap",
            "version": "751"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sap",
            "version": "752"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sap",
            "version": "753"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0338"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:sap:gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          }
        ]
      },
      "cve": "CVE-2019-0338",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-0338",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-140369",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-0338",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-0338",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-0338",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-914",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-140369",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-140369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-914"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0338"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure. SAP Gateway Contains an information disclosure vulnerability.Information may be obtained. The product supports non-SAP applications to connect to SAP applications, and can also connect and access SAP applications on mobile devices. An attacker could exploit this vulnerability to access restricted information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-0338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          },
          {
            "db": "VULHUB",
            "id": "VHN-140369"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-0338",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-914",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-140369",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-140369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-914"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0338"
          }
        ]
      },
      "id": "VAR-201908-1852",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-140369"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:58:35.702000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SAP Security Patch Day - August 2019",
            "trust": 0.8,
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
          },
          {
            "title": "SAP Gateway Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96599"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-914"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-140369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0338"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://launchpad.support.sap.com/#/notes/2793351"
          },
          {
            "trust": 1.7,
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523998017"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0338"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0338"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-august-2019-30031"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-140369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-914"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0338"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-140369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-914"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0338"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-140369"
          },
          {
            "date": "2019-08-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-914"
          },
          {
            "date": "2019-08-14T14:15:16.167000",
            "db": "NVD",
            "id": "CVE-2019-0338"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-140369"
          },
          {
            "date": "2019-08-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          },
          {
            "date": "2019-09-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-914"
          },
          {
            "date": "2024-11-21T04:16:42.520000",
            "db": "NVD",
            "id": "CVE-2019-0338"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-914"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SAP Gateway Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-008348"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-914"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-1475

    Vulnerability from variot - Updated: 2024-11-23 22:51

    The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user into believing this information is from the legitimate service when it is not. SAP Gateway contains an injection vulnerability. Information may be altered. SAP Gateway is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied content to be passed in the context of the affected application; other attacks are also possible. The product supports non-SAP applications to connect to SAP applications, and can also connect and access SAP applications on mobile devices.


    [VulnerabilityType Other] Content Spoofing


    [Vendor of Product] SAP


    [Affected Product] SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53


    [PoC] Tested in SAPUI5 1.0.0 PoC:

    https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P ',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31


    [Attack Type] Remote


    [Reference] https://capec.mitre.org/data/definitions/148.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319


    [Discoverer] Offensive0Labs - Rafael Fontes Souza

    References below: "SAP Product Security Response Team seg, 8 de jul 04:33 (há 6 dias) para eu, SAP

    Hello Rafael,

    We are pleased to inform you that we are releasing the following security note on July Patch Day 2019:

    Sec Incident ID(s) 1870475251

    Security Note 2752614

    Security Note Title [CVE-2019-0319] Content Injection Vulnerability in SAP Gateway

    Advisory Plan Date 10/09/2019

    Delivery date of fix/Patch Day 07/09/2019

    CVSS Base Score 4.3

    CVSS Base Vector NLNR | U | NLN

    Credits go to:

    Offensive0Labs, Rafael Fontes Souza

    *Notes will be visible to customers on 9th of July 2019.

    https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers

    "


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1475",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sap",
            "version": "7.5"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sap",
            "version": "7.51"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sap",
            "version": "7.52"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sap",
            "version": "7.53"
          },
          {
            "model": "ui5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sap",
            "version": "1.0.0"
          },
          {
            "model": "sapui5",
            "scope": null,
            "trust": 0.8,
            "vendor": "sap",
            "version": null
          },
          {
            "model": "netweaver gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.53"
          },
          {
            "model": "netweaver gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.52"
          },
          {
            "model": "netweaver gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.51"
          },
          {
            "model": "netweaver gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.5"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "109074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0319"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:sap:gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:sap:ui5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SAP,Rafael Fontes Souza",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-462"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-0319",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-0319",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-140350",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-0319",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-0319",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-0319",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-462",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-140350",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-140350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0319"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not. SAP Gateway Contains an injection vulnerability.Information may be altered. SAP Gateway is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied content to be passed in context of the affected application ; Other attacks are also possible. The product supports non-SAP applications to connect to SAP applications, and can also connect and access SAP applications on mobile devices. \n\n------------------------------------------\n\n[VulnerabilityType Other]\nContent Spoofing\n\n------------------------------------------\n\n[Vendor of Product]\nSAP\n\n------------------------------------------\n\n[Affected Product]\nSAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53\n\n------------------------------------------\n\n[PoC]\nTested in SAPUI5 1.0.0\nPoC:\n\nhttps://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category=\u0027P\n\u0027,id=\u0027flp.settings.FlpSettings\u0027)?$expand=PersContainerItemsu1kpa_HACKED_\u0026sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31\n\n------------------------------------------\n\n[Attack Type]\nRemote\n\n------------------------------------------\n\n[Reference]\nhttps://capec.mitre.org/data/definitions/148.html\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319\n------------------------------------------\n\n[Discoverer]\nOffensive0Labs - Rafael Fontes Souza\n\n\n\n\nReferences below:\n\"SAP Product Security Response Team\nseg, 8 de jul 04:33 (h\u00e1 6 dias)\npara eu, SAP\n\nHello Rafael,\n\nWe are pleased to inform you that we are releasing the following security\nnote on July Patch Day 2019:\n\nSec Incident ID(s)  
1870475251\n\nSecurity Note   2752614\n\nSecurity Note Title  [CVE-2019-0319] Content Injection Vulnerability in SAP\nGateway\n\nAdvisory Plan Date  10/09/2019\n\nDelivery date of fix/Patch Day  07/09/2019\n\nCVSS Base Score  4.3\n\nCVSS Base Vector  NLNR | U | NLN\n\nCredits go to:\n\nOffensive0Labs, Rafael Fontes Souza\n\n*Notes will be visible to customers on 9th of July 2019. \n\nhttps://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers\n\n\"\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-0319"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          },
          {
            "db": "BID",
            "id": "109074"
          },
          {
            "db": "VULHUB",
            "id": "VHN-140350"
          },
          {
            "db": "PACKETSTORM",
            "id": "153661"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-0319",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "109074",
            "trust": 2.0
          },
          {
            "db": "PACKETSTORM",
            "id": "153661",
            "trust": 1.8
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2019050283",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-462",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04338",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-140350",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-140350"
          },
          {
            "db": "BID",
            "id": "109074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          },
          {
            "db": "PACKETSTORM",
            "id": "153661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0319"
          }
        ]
      },
      "id": "VAR-201907-1475",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-140350"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:51:42.570000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SAP Security Patch Day - July 2019",
            "trust": 0.8,
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
          },
          {
            "title": "SAP Gateway Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94601"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-462"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-74",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-140350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0319"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "http://packetstormsecurity.com/files/153661/sapui5-1.0.0-sap-gateway-7.5-7.51-7.52-7.53-content-spoofing.html"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/109074"
          },
          {
            "trust": 2.0,
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=523994575"
          },
          {
            "trust": 2.0,
            "url": "https://launchpad.support.sap.com/#/notes/2752614"
          },
          {
            "trust": 1.7,
            "url": "https://cxsecurity.com/ascii/wlb-2019050283"
          },
          {
            "trust": 1.7,
            "url": "https://drive.google.com/open?id=1agfqggvydehsk7mfisfkw7to60yif55f"
          },
          {
            "trust": 1.7,
            "url": "https://launchpad.support.sap.com/#/notes/2911267"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0319"
          },
          {
            "trust": 0.9,
            "url": "http://www.sap.com/"
          },
          {
            "trust": 0.9,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0319"
          },
          {
            "trust": 0.1,
            "url": "https://wiki.scn.sap.com/wiki/display/psr/acknowledgments+to+security+researchers"
          },
          {
            "trust": 0.1,
            "url": "https://capec.mitre.org/data/definitions/148.html"
          },
          {
            "trust": 0.1,
            "url": "https://sapmobile.target.com/sap/opu/odata/ui2/interop/perscontainers(category=\u0027p"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-140350"
          },
          {
            "db": "BID",
            "id": "109074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          },
          {
            "db": "PACKETSTORM",
            "id": "153661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0319"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-140350"
          },
          {
            "db": "BID",
            "id": "109074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          },
          {
            "db": "PACKETSTORM",
            "id": "153661"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-462"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0319"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-140350"
          },
          {
            "date": "2019-07-09T00:00:00",
            "db": "BID",
            "id": "109074"
          },
          {
            "date": "2019-07-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          },
          {
            "date": "2019-07-16T02:22:22",
            "db": "PACKETSTORM",
            "id": "153661"
          },
          {
            "date": "2019-07-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-462"
          },
          {
            "date": "2019-07-10T19:15:10.220000",
            "db": "NVD",
            "id": "CVE-2019-0319"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-140350"
          },
          {
            "date": "2019-07-09T00:00:00",
            "db": "BID",
            "id": "109074"
          },
          {
            "date": "2019-07-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          },
          {
            "date": "2020-06-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-462"
          },
          {
            "date": "2024-11-21T04:16:40.700000",
            "db": "NVD",
            "id": "CVE-2019-0319"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-462"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SAP Gateway Vulnerability in injection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006514"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-462"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2019-0338 (GCVE-0-2019-0338)

    Vulnerability from nvd – Published: 2019-08-14 13:49 – Updated: 2024-08-04 17:44
    Summary
    During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Gateway Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2793351"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Gateway",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-14T13:49:43.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2793351"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2793351",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2793351"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0338",
        "datePublished": "2019-08-14T13:49:43.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0319 (GCVE-0-2019-0319)

    Vulnerability from nvd – Published: 2019-07-10 18:51 – Updated: 2024-08-04 17:44
    Summary
    The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
    Severity
    No CVSS data available.
    CWE
    • Content Injection
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP Gateway Affected: < 7.5
    Affected: < 7.51
    Affected: < 7.52
    Affected: < 7.53

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "109074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109074"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2752614"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/ascii/WLB-2019050283"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2911267"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Gateway",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.5"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.51"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.52"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Content Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-09T12:46:08.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "109074",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109074"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2752614"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cxsecurity.com/ascii/WLB-2019050283"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2911267"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0319",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.5"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.51"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.52"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Content Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "109074",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109074"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2752614",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2752614"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
                },
                {
                  "name": "https://cxsecurity.com/ascii/WLB-2019050283",
                  "refsource": "MISC",
                  "url": "https://cxsecurity.com/ascii/WLB-2019050283"
                },
                {
                  "name": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f",
                  "refsource": "MISC",
                  "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2911267",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2911267"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0319",
        "datePublished": "2019-07-10T18:51:55.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0338 (GCVE-0-2019-0338)

    Vulnerability from cvelistv5 – Published: 2019-08-14 13:49 – Updated: 2024-08-04 17:44
    Summary
    During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Gateway Affected: < 750
    Affected: < 751
    Affected: < 752
    Affected: < 753

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2793351"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Gateway",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 750"
                },
                {
                  "status": "affected",
                  "version": "\u003c 751"
                },
                {
                  "status": "affected",
                  "version": "\u003c 752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 753"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-14T13:49:43.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2793351"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "750"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "751"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "753"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, allowing an attacker to access restricted information, resulting in Information Disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2793351",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2793351"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0338",
        "datePublished": "2019-08-14T13:49:43.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0319 (GCVE-0-2019-0319)

    Vulnerability from cvelistv5 – Published: 2019-07-10 18:51 – Updated: 2024-08-04 17:44
    Summary
    The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
    Severity
    No CVSS data available.
    CWE
    • Content Injection
    Assigner
    sap
    Impacted products
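    Vendor: SAP SE
    Product: SAP Gateway
    Versions:
    Affected: < 7.5
    Affected: < 7.51
    Affected: < 7.52
    Affected: < 7.53
    Note: the Summary names 7.5, 7.51, 7.52 and 7.53 themselves as affected, so do not rely on the "<" bounds alone when scoping exposure; confirm against the SAP notes listed in the record's references.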

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "109074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109074"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2752614"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cxsecurity.com/ascii/WLB-2019050283"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2911267"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Gateway",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.5"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.51"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.52"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Content Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-09T12:46:08.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "109074",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109074"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2752614"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cxsecurity.com/ascii/WLB-2019050283"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2911267"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0319",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.5"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.51"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.52"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.53"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it\u0027s not."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Content Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "109074",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109074"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2752614",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2752614"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
                },
                {
                  "name": "https://cxsecurity.com/ascii/WLB-2019050283",
                  "refsource": "MISC",
                  "url": "https://cxsecurity.com/ascii/WLB-2019050283"
                },
                {
                  "name": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f",
                  "refsource": "MISC",
                  "url": "https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2911267",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2911267"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0319",
        "datePublished": "2019-07-10T18:51:55.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }