[Description]
SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 is
vulnerable to Content Spoofing in multiples parameters.

------------------------------- [Description]
SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 is
vulnerable to Content Spoofing in multiples parameters.

------------------------------------------
CVE
CVE-2019-0319

------------------------------------------

[Impact]
An attacker could thus mislead a user to believe this information is from
the legitimate service when it's not.

------------------------------------------

[VulnerabilityType Other]
Content Spoofing

------------------------------------------

[Vendor of Product]
SAP

------------------------------------------

[Affected Product]
SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53

------------------------------------------

[PoC]
Tested in SAPUI5 1.0.0
PoC:

https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P
',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Reference]
https://capec.mitre.org/data/definitions/148.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319
------------------------------------------

[Discoverer]
Offensive0Labs - Rafael Fontes Souza




References below:
"SAP Product Security Response Team
seg, 8 de jul 04:33 (há 6 dias)
para eu, SAP

Hello Rafael,

We are pleased to inform you that we are releasing the following security
note on July Patch Day 2019:

Sec Incident ID(s) 1870475251

Security Note 2752614

Security Note Title [CVE-2019-0319] Content Injection Vulnerability in SAP
Gateway

Advisory Plan Date 10/09/2019

Delivery date of fix/Patch Day 07/09/2019

CVSS Base Score 4.3

CVSS Base Vector NLNR | U | NLN

Credits go to:

Offensive0Labs, Rafael Fontes Souza

*Notes will be visible to customers on 9th of July 2019.

https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers

"