{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-22T21:59:35.933","vulnerabilities":[{"cve":{"id":"CVE-2019-0316","sourceIdentifier":"cna@sap.com","published":"2019-06-14T19:29:00.340","lastModified":"2026-06-17T02:08:10.073","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scripts in certain servlets, which will be executed when the victim is tricked to click on those malicious links, resulting in reflected Cross Site Scripting vulnerability."},{"lang":"es","value":"SAP NetWeaver Process Integration, versiones: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 a 7.11, 7.30, 7.31, 7.40, 7.50, no valida suficientemente las entradas controladas por el usuario, lo que permite a un atacante que posee privilegios de administrador leer y modificar datos del navegador de la víctima , al inyectar scripts maliciosos en ciertos servlets, que se ejecutarán cuando se engañe a la víctima para que haga clic en esos enlaces maliciosos, lo que da como resultado una vulnerabilidad de Cross Site Scripting reflejada."}],"affected":[{"source":"cna@sap.com","affectedData":[{"vendor":"SAP SE","product":"SAP NetWeaver Process Integration(SAP_XIESR)","versions":[{"version":"< 7.20","status":"affected"}]},{"vendor":"SAP SE","product":"SAP NetWeaver Process Integration(SAP_XITOOL)","versions":[{"version":"< 7.10 to 7.11","status":"affected"},{"version":"< 7.30","status":"affected"},{"version":"< 7.31","status":"affected"},{"version":"< 7.40","status":"affected"},{"version":"< 7.50","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*","matchCriteriaId":"75E83C25-D30B-4459-A1F1-DE7EC9FD46BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*","matchCriteriaId":"900D10B0-B47B-46B0-A0A9-8E41660429DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*","matchCriteriaId":"D57CEB9D-5C06-4B3E-A36E-5B8689CA5657"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*","matchCriteriaId":"3062CE84-B6E2-40DE-B7B1-0752FC21BFAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*","matchCriteriaId":"587D81FB-B2ED-4184-9258-A38A18B36DC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*","matchCriteriaId":"A325699D-6AB0-4BBC-A21C-A974FA1612DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*","matchCriteriaId":"2A3A3226-28D1-4B43-942B-F41BD340E746"}]}]}],"references":[{"url":"https://launchpad.support.sap.com/#/notes/2745917","source":"cna@sap.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/2745917","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}