Vulnerability Details CVE-2008-3358
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/51627
- http://secunia.com/advisories/33685
- http://service.sap.com/sap/support/notes/1235253
- http://www.csnc.ch/misc/files/advisories/CVE-2008-3358.txt
- http://www.securityfocus.com/archive/1/500415/100/0/threaded
- http://www.securityfocus.com/bid/33465
- http://www.securitytracker.com/id?1021638
- http://www.vupen.com/english/advisories/2009/0255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48237
- http://osvdb.org/51627
- http://secunia.com/advisories/33685
- http://service.sap.com/sap/support/notes/1235253
- http://www.csnc.ch/misc/files/advisories/CVE-2008-3358.txt
- http://www.securityfocus.com/archive/1/500415/100/0/threaded
- http://www.securityfocus.com/bid/33465
- http://www.securitytracker.com/id?1021638
- http://www.vupen.com/english/advisories/2009/0255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48237
Products affected by CVE-2008-3358
-
cpe:2.3:a:microsoft:internet_explorer:7.0.5730
-
cpe:2.3:a:sap:netweaver:-
-
cpe:2.3:a:sap:netweaver:2004s
-
cpe:2.3:a:sap:netweaver:4.0
-
cpe:2.3:a:sap:netweaver:6.4
-
cpe:2.3:a:sap:netweaver:600
-
cpe:2.3:a:sap:netweaver:602
-
cpe:2.3:a:sap:netweaver:603
-
cpe:2.3:a:sap:netweaver:604
-
cpe:2.3:a:sap:netweaver:605
-
cpe:2.3:a:sap:netweaver:606
-
cpe:2.3:a:sap:netweaver:617
-
cpe:2.3:a:sap:netweaver:618
-
cpe:2.3:a:sap:netweaver:7.0
-
cpe:2.3:a:sap:netweaver:7.01
-
cpe:2.3:a:sap:netweaver:7.02
-
cpe:2.3:a:sap:netweaver:7.03
-
cpe:2.3:a:sap:netweaver:7.1
-
cpe:2.3:a:sap:netweaver:7.10
-
cpe:2.3:a:sap:netweaver:7.11
-
cpe:2.3:a:sap:netweaver:7.2
-
cpe:2.3:a:sap:netweaver:7.20
-
cpe:2.3:a:sap:netweaver:7.22ext
-
cpe:2.3:a:sap:netweaver:7.3
-
cpe:2.3:a:sap:netweaver:7.30
-
cpe:2.3:a:sap:netweaver:7.31
-
cpe:2.3:a:sap:netweaver:7.4
-
cpe:2.3:a:sap:netweaver:7.40
-
cpe:2.3:a:sap:netweaver:7.41
-
cpe:2.3:a:sap:netweaver:7.49
-
cpe:2.3:a:sap:netweaver:7.5
-
cpe:2.3:a:sap:netweaver:7.50
-
cpe:2.3:a:sap:netweaver:7.51
-
cpe:2.3:a:sap:netweaver:7.52
-
cpe:2.3:a:sap:netweaver:7.53
-
cpe:2.3:a:sap:netweaver:7.77
-
cpe:2.3:a:sap:netweaver:7.81
-
cpe:2.3:a:sap:netweaver:7.85
-
cpe:2.3:a:sap:netweaver:7.86
-
cpe:2.3:a:sap:netweaver:700
-
cpe:2.3:a:sap:netweaver:701
-
cpe:2.3:a:sap:netweaver:702
-
cpe:2.3:a:sap:netweaver:707
-
cpe:2.3:a:sap:netweaver:730
-
cpe:2.3:a:sap:netweaver:731
-
cpe:2.3:a:sap:netweaver:737
-
cpe:2.3:a:sap:netweaver:740
-
cpe:2.3:a:sap:netweaver:7400.12.21.30308
-
cpe:2.3:a:sap:netweaver:747
-
cpe:2.3:a:sap:netweaver:750
-
cpe:2.3:a:sap:netweaver:751
-
cpe:2.3:a:sap:netweaver:752
-
cpe:2.3:a:sap:netweaver:753
-
cpe:2.3:a:sap:netweaver:754
-
cpe:2.3:a:sap:netweaver:755
-
cpe:2.3:a:sap:netweaver:756
-
cpe:2.3:a:sap:netweaver:757
-
cpe:2.3:a:sap:netweaver:800
-
cpe:2.3:a:sap:netweaver:802
-
cpe:2.3:a:sap:netweaver:803
-
cpe:2.3:a:sap:netweaver:804
-
cpe:2.3:a:sap:netweaver:805
-
cpe:2.3:a:sap:netweaver:806
-
cpe:2.3:a:sap:netweaver:807
-
cpe:2.3:a:sap:netweaver:application_server_java
-
cpe:2.3:a:sap:netweaver:kernel_7.22
-
cpe:2.3:a:sap:netweaver:kernel_7.53
-
cpe:2.3:a:sap:netweaver:kernel_7.54
-
cpe:2.3:a:sap:netweaver:krnl64nuc_7.22
-
cpe:2.3:a:sap:netweaver:krnl64nuc_7.22ext
-
cpe:2.3:a:sap:netweaver:krnl64uc_7.22
-
cpe:2.3:a:sap:netweaver:krnl64uc_7.22ext
-
cpe:2.3:a:sap:netweaver:krnl64uc_7.53
-
cpe:2.3:a:sap:netweaver:webdisp_7.22ext
-
cpe:2.3:a:sap:netweaver:webdisp_7.53
-
cpe:2.3:a:sap:netweaver:webdisp_7.54