• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1372831

Главная Специалистам База уязвимостей Не установлено обновление Note 1372831

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1372831-10) SAP Support Packages (SAP_JAVA_TECH_SERVICES_640_SP025_000000, SAP_JAVA_TECH_SERVICES_640_SP999999_999999, SAP_JAVA_TECH_SERVICES_700_SP019_000003, SAP_JAVA_TECH_SERVICES_700_SP020_000001, SAP_JAVA_TECH_SERVICES_700_SP021_000000, SAP_JAVA_TECH_SERVICES_700_SP999999_999999, SAP_JAVA_TECH_SERVICES_701_SP005_000001, SAP_JAVA_TECH_SERVICES_701_SP006_000000, SAP_JAVA_TECH_SERVICES_701_SP999999_999999, SAP_JAVA_TECH_SERVICES_702_SP002_000000, SAP_JAVA_TECH_SERVICES_702_SP999999_999999)
Описание
WS Navigator displays the passed parameter as a title of the page.
Как исправить
The XSS security issue is fixed in the following releases:
SAP NetWeaver 2004 SPS 23
SAP NetWeaver 7.0 SPS 14
SAP NetWeaver 7.0 including Enhancement Package 1 SPS 0
SAP NetWeaver 7.0 including Enhancement Package 2 SPS 0

The JavaScript code will be still displayed on the page but won't be executed.

In the following releases the XSS problem is fully fixed and the parameters are not displayed anymore:
SAP NetWeaver 2004 SPS 24 - find attached a fixed SDA
SAP NetWeaver 2004 SPS 25
SAP NetWeaver 7.0 SPS 19 Patch Level 3
SAP NetWeaver 7.0 including Enhancement Package 1 SPS 6
SAP NetWeaver 7.0 including Enhancement Package 2 SPS 2
Ссылки