Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1430970-3)
SAP Support Packages
(SAPKB70022, SAPKB71010)
Описание
Web Dynpro ABAP executes functions by calling certain URLs with parameters. If an attacker succeeds in executing any requests in the browser of a user who is logged on, the attacker can call functions in Web Dynpro ABAP applications with the rights of the user. To do so, an attacker may exploit a possible cross-site scripting vulnerability or may supply the user with a special link in the form of an e-mail, for example.
Как исправить
Implement the correction instructions or import the relevant Support Package.
Ссылки