An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap netweaver application server abap kernel_7.77 |
||
sap netweaver application server abap 7.81 |
||
sap netweaver application server abap 7.85 |
||
sap netweaver application server abap 7.89 |
||
sap netweaver application server abap 7.54 |