CVE-2019-0388
MEDIUMSAP UI5 - Content Manipulation via Insufficient URL Validation
Title source: llmDescription
SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2843016
Scores
CVSS v3
5.3
EPSS
0.0025
EPSS Percentile
48.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-290
Status
published
Products (6)
sap/ui
2.0
sap/ui
7.5
sap/ui
7.51
sap/ui
7.52
sap/ui
7.53
sap/ui
7.54
Published
Nov 13, 2019
Tracked Since
Feb 18, 2026