• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1467896

Главная Специалистам База уязвимостей Не установлено обновление Note 1467896

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1467896-3) SAP Support Packages (SAP_KERNEL_700_32_BIT_SP283_000283, SAP_KERNEL_700_32_BIT_SP999999_999999, SAP_KERNEL_700_32_BIT_UNICODE_SP283_000283, SAP_KERNEL_700_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_700_64_BIT_SP283_000283, SAP_KERNEL_700_64_BIT_SP999999_999999, SAP_KERNEL_700_64_BIT_UNICODE_SP283_000283, SAP_KERNEL_700_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_701_32_BIT_SP123_000123, SAP_KERNEL_701_32_BIT_SP999999_999999, SAP_KERNEL_701_32_BIT_UNICODE_SP123_000123, SAP_KERNEL_701_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_701_64_BIT_SP123_000123, SAP_KERNEL_701_64_BIT_SP999999_999999, SAP_KERNEL_701_64_BIT_UNICODE_SP123_000123, SAP_KERNEL_701_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_710_32_BIT_SP217_000217, SAP_KERNEL_710_32_BIT_SP999999_999999, SAP_KERNEL_710_32_BIT_UNICODE_SP217_000217, SAP_KERNEL_710_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_710_64_BIT_SP217_000217, SAP_KERNEL_710_64_BIT_SP999999_999999, SAP_KERNEL_710_64_BIT_UNICODE_SP217_000217, SAP_KERNEL_710_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_711_32_BIT_SP099_000099, SAP_KERNEL_711_32_BIT_SP999999_999999, SAP_KERNEL_711_32_BIT_UNICODE_SP099_000099, SAP_KERNEL_711_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_711_64_BIT_SP099_000099, SAP_KERNEL_711_64_BIT_SP999999_999999, SAP_KERNEL_711_64_BIT_UNICODE_SP099_000099, SAP_KERNEL_711_64_BIT_UNICODE_SP999999_999999)
Описание
ICM executes certain functions by referencing specific URLs. When a  malicious user tricks an authenticated user's browser into making a  request containing a certain URL and specific parameters, the function  is executed with the rights of the authenticated user. The malicious  user hast to meet special requirements in order to attack the victim  successfully. The malicious user may use a cross site scripting attack to do this, or they may present a link to the victim.
Как исправить
Use the ICM with the patch level mentioned in the section "SP patch level" or above.
Ссылки