Vulnerabilities > CVE-2005-3635 - Unspecified vulnerability in SAP web Application Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN sap
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | SAP Web Application Server 6.x/7.0 frameset.htm sap-syscmd Parameter XSS. CVE-2005-3635. Webapps exploit for php platform |
| id | EDB-ID:26487 |
| last seen | 2016-02-03 |
| modified | 2005-11-09 |
| published | 2005-11-09 |
| reporter | Leandro Meiners |
| source | https://www.exploit-db.com/download/26487/ |
| title | SAP Web Application Server 6.x/7.0 frameset.htm sap-syscmd Parameter XSS |
References
- http://marc.info/?l=bugtraq&m=113156601505542&w=2
- http://marc.info/?l=bugtraq&m=113156601505542&w=2
- http://secunia.com/advisories/17515/
- http://secunia.com/advisories/17515/
- http://securityreason.com/securityalert/162
- http://securityreason.com/securityalert/162
- http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
- http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
- http://www.osvdb.org/20716
- http://www.osvdb.org/20716
- http://www.osvdb.org/20717
- http://www.osvdb.org/20717
- http://www.securityfocus.com/bid/15361
- http://www.securityfocus.com/bid/15361
- http://www.securitytracker.com/alerts/2005/Nov/1015174.html
- http://www.securitytracker.com/alerts/2005/Nov/1015174.html
- http://www.vupen.com/english/advisories/2005/2361
- http://www.vupen.com/english/advisories/2005/2361
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23027