CVE-2019-0319
HIGHSAP Gateway 7.5-7.53 - Content Spoofing via Error Message Injection
Title source: llmDescription
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/109074
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2752614
Vendor Advisory x_refsource_confirm
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
Third Party Advisory x_refsource_misc
https://cxsecurity.com/ascii/WLB-2019050283
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html
Various Sources x_refsource_misc
https://launchpad.support.sap.com/#/notes/2911267
Scores
CVSS v3
7.5
EPSS
0.0080
EPSS Percentile
74.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-74
CWE-79
Status
published
Products (5)
sap/gateway
7.5
sap/gateway
7.51
sap/gateway
7.52
sap/gateway
7.53
sap/ui5
1.0.0
Published
Jul 10, 2019
Tracked Since
Feb 18, 2026