Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver | - |
| SAP | NetWeaver Exchange Infrastructure (BC-XI) | - |
Related Weaknesses (CWE)
References
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/56947
- https://erpscan.io/advisories/erpscan-14-005-sap-netweaver-dir-error-xss/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91095
- https://service.sap.com/sap/support/notes/1788080
FAQ
What is CVE-2014-1964?
CVE-2014-1964 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or H...
How severe is CVE-2014-1964?
CVE-2014-1964 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-1964?
Check the references section above for vendor advisories and patch information. Affected products include: SAP NetWeaver, SAP NetWeaver Exchange Infrastructure (BC-XI).