Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver | 7.40 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2016/Apr/58
- http://seclists.org/fulldisclosure/2016/Apr/64
- https://erpscan.io/advisories/erpscan-16-001-xss-sap-netweaver-7-4-mdt-servlet/
- https://erpscan.io/advisories/erpscan-16-004-sap-netweaver-7-4-pmitest-servlet-x
- https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/
- http://seclists.org/fulldisclosure/2016/Apr/58
- http://seclists.org/fulldisclosure/2016/Apr/64
- https://erpscan.io/advisories/erpscan-16-001-xss-sap-netweaver-7-4-mdt-servlet/
- https://erpscan.io/advisories/erpscan-16-004-sap-netweaver-7-4-pmitest-servlet-x
- https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/
FAQ
What is CVE-2016-1911?
CVE-2016-1911 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmi...
How severe is CVE-2016-1911?
CVE-2016-1911 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1911?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver.