Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2019-06-12T14:21:39

Updated: 2024-08-04T17:44:16.457Z

Reserved: 2018-11-26T00:00:00

Link: CVE-2019-0305

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-06-12T15:29:00.270

Modified: 2024-11-21T04:16:39.483

Link: CVE-2019-0305

cve-icon Redhat

No data.