exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SAPUI5 1.0.0 / SAP Gateway 7.5 / 7.51 / 7.52 / 7.53 Content Spoofing

SAPUI5 1.0.0 / SAP Gateway 7.5 / 7.51 / 7.52 / 7.53 Content Spoofing
Posted Jul 16, 2019
Authored by Rafael Fontes Souza

SAPUI5 version 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53are vulnerable to content spoofing in multiple parameters.

tags | advisory, spoof
advisories | CVE-2019-0319
SHA-256 | 36990a9a429e586290eca89a7b5655d1c26e247e693772a9137c671aa59099c8

SAPUI5 1.0.0 / SAP Gateway 7.5 / 7.51 / 7.52 / 7.53 Content Spoofing

Change Mirror Download
[Description]
SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 is
vulnerable to Content Spoofing in multiples parameters.

------------------------------------------
CVE
CVE-2019-0319

------------------------------------------

[Impact]
An attacker could thus mislead a user to believe this information is from
the legitimate service when it's not.

------------------------------------------

[VulnerabilityType Other]
Content Spoofing

------------------------------------------

[Vendor of Product]
SAP

------------------------------------------

[Affected Product]
SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53

------------------------------------------

[PoC]
Tested in SAPUI5 1.0.0
PoC:

https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P
',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Reference]
https://capec.mitre.org/data/definitions/148.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319
------------------------------------------

[Discoverer]
Offensive0Labs - Rafael Fontes Souza




References below:
"SAP Product Security Response Team
seg, 8 de jul 04:33 (há 6 dias)
para eu, SAP

Hello Rafael,

We are pleased to inform you that we are releasing the following security
note on July Patch Day 2019:

Sec Incident ID(s) 1870475251

Security Note 2752614

Security Note Title [CVE-2019-0319] Content Injection Vulnerability in SAP
Gateway

Advisory Plan Date 10/09/2019

Delivery date of fix/Patch Day 07/09/2019

CVSS Base Score 4.3

CVSS Base Vector NLNR | U | NLN

Credits go to:

Offensive0Labs, Rafael Fontes Souza

*Notes will be visible to customers on 9th of July 2019.

https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers

"
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close