Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Sap Web Application Server | 7.0 |
| Sap | Web Dynpro | abap |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30334Vendor Advisory
- http://www.securityfocus.com/archive/1/492376/100/0/threaded
- http://www.securityfocus.com/bid/29317Exploit
- http://www.securitytracker.com/id?1020097
- http://www.vupen.com/english/advisories/2008/1599/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42724
- http://secunia.com/advisories/30334Vendor Advisory
- http://www.securityfocus.com/archive/1/492376/100/0/threaded
- http://www.securityfocus.com/bid/29317Exploit
- http://www.securitytracker.com/id?1020097
- http://www.vupen.com/english/advisories/2008/1599/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42724
FAQ
What is CVE-2008-2421?
CVE-2008-2421 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitra...
How severe is CVE-2008-2421?
CVE-2008-2421 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2421?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Sap Web Application Server, Sap Web Dynpro.