Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1422572-6)
SAP Support Packages
(SAPKB62068, SAPKB64026, SAPKB70022, SAPKB70107, SAPKB70203, SAPKB71010, SAPKB71105, SAPKB72003)
Описание
Since output is not sufficiently coded in the class CL_HTTP_EXT_FORMTORFC, reflected cross-site scripting may be triggered. As a result, the content of a Web page can be manipulated when a manipulated link is called, for example.
An attacker can use reflected cross-site scripting to steal the logon information of the current session of the victim. The attacker can then use this information to pretend to the server that he is the victim and can use the application with the same rights as the user who was attacked.
If the target of the attack is a user with administrative rights, all of the application data may be comprised as a result.
An attacker can use reflected cross-site scripting to steal the logon information of the current session of the victim. The attacker can then use this information to pretend to the server that he is the victim and can use the application with the same rights as the user who was attacked.
If the target of the attack is a user with administrative rights, all of the application data may be comprised as a result.
Как исправить
Import the relevant Support Package or implement the correction instructions.
Ссылки