Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-1846
Last Modified 29 Jan 2009 01:48:31
Published 16 Apr 2008 01:05:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1846

Summary

The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file.

Vulnerable Systems

Application

  • SAP NetWeaver 7.0


References

XF - netweaver-feedbacksform-xss(41735)

SECTRACK - 1019822

BID - 28699

BUGTRAQ - 20080409 SAP Netweaver 6.40-7.0 Cross-Site-Scripting

MISC - http://www.aitsec.com/vulnerability-SAP-Netweaver-6.40-7.0-Cross-Site-Scripting.php

SREASON - 3812


Last Updated: 27 May 2016 10:47:40