Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1161767-6)
Описание
Webdynpro URL parameters such as sap-wd-cltwndid,sap-wd-appwndid and sap-ext-sid allow arbitrary HTML/Script code to be injected into the HTML output of Web Dynpro.
Как исправить
This issue has been fixed in Webdynpro Runtime. The solution is available in the following support packages.
NW04, SP23 and above.
NW04S, SP09 and above.
Note: NW04S, EHP's and higher releases of WebDynpro are not affected as they already contain the solution.
Additionally, the solution is available in the patches of the following
releases.
1) NW04, SP21(Refer note 1120165)
SAPJTECH21P patch level 1
2) NW04, SP22(Refer note 1166463)
SAPJTECH22P patch level 1
3) NW04S, SP08(Refer note 959111)
SAPJTECHF08P patch level 15
SAPJTECHS08P patch level 16
NW04, SP23 and above.
NW04S, SP09 and above.
Note: NW04S, EHP's and higher releases of WebDynpro are not affected as they already contain the solution.
Additionally, the solution is available in the patches of the following
releases.
1) NW04, SP21(Refer note 1120165)
SAPJTECH21P patch level 1
2) NW04, SP22(Refer note 1166463)
SAPJTECH22P patch level 1
3) NW04S, SP08(Refer note 959111)
SAPJTECHF08P patch level 15
SAPJTECHS08P patch level 16
Ссылки