Kay

security researcher @MalwareBenchmark.

CVE-2017-15916: RCE in OpenUI5

Framework: OpenUI5

Published: November 06th, 2017

Reported by: Kay

Overview

OpenUI5 is an open source JavaScript UI library, maintained by SAP and available under the Apache 2.0 license. OpenUI5 supports data binding to different models (JSON, XML and OData). An issue was discovered in sap.ui.support, which may cause Remote Code Execution.

PoC and details are coming soon…
