VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2904
netweaver, system_landscape_directory: Multiple cross-site scripting (XSS) vulnerabilities...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2904

Original

Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.






About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-07-28
Source Information Category:
Advisory, Alert
Last Updated:
2010-07-29




Affected Product Tags
cpe:/a:sap:netweaver
cpe:/a:sap:netweaver:6.4
cpe:/a:sap:netweaver:7.0
cpe:/a:sap:system_landscape_directory:6.4
cpe:/a:sap:system_landscape_directory:7.0
cpe:/a:sap:system_landscape_directory:7.02
 


Vulnerability Analysis Results
[Access Vector] Network (options: Undefined, Local, Adjacent Network, Network)
[Access Complexity] Medium (options: Undefined, High, Medium, Low)
[Authentication] None (options: Undefined, Multiple, Single, None)
[Confidentiality Impact] None (options: Undefined, None, Partial, Complete)
[Integrity Impact] Partial (options: Undefined, None, Partial, Complete)
[Availability Impact] None (options: Undefined, None, Partial, Complete)

Alternatives




References
MISC https://service.sap.com/sap/support/notes/1416047
MISC http://packetstormsecurity.org/1007-advisories/DSECRG-09-068.txt
MISC http://dsecrg.com/pages/vul/show.php?id=168
OSVDB 66640
OSVDB 66639
SECUNIA 40712
VUPEN ADV-2010-1935
Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)
XF sapnetweaver-paramhelp-xss(60668)

Copyright © 2010 JPCERT/CC All Rights Reserved.