Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1450166-3)
SAP Support Packages
(ENGINEAPI_710_SP009_000006, ENGINEAPI_710_SP010_000003, ENGINEAPI_710_SP011_000000, ENGINEAPI_710_SP012_000000, ENGINEAPI_710_SP999999_999999, ENGINEAPI_711_SP003_000007, ENGINEAPI_711_SP004_000007, ENGINEAPI_711_SP005_000003, ENGINEAPI_711_SP999999_999999, ENGINEAPI_720_SP001_000005, ENGINEAPI_720_SP002_000006, ENGINEAPI_720_SP003_000001, ENGINEAPI_720_SP999999_999999, J2EE_ENGINE_APPLICATIONS_710_SP009_000004, J2EE_ENGINE_APPLICATIONS_710_SP010_000003, J2EE_ENGINE_APPLICATIONS_710_SP011_000000, J2EE_ENGINE_APPLICATIONS_710_SP012_000000, J2EE_ENGINE_APPLICATIONS_710_SP999999_999999, J2EE_ENGINE_APPLICATIONS_711_SP003_000011, J2EE_ENGINE_APPLICATIONS_711_SP004_000008, J2EE_ENGINE_APPLICATIONS_711_SP005_000007, J2EE_ENGINE_APPLICATIONS_711_SP006_000000, J2EE_ENGINE_APPLICATIONS_711_SP007_000000, J2EE_ENGINE_APPLICATIONS_711_SP999999_999999, J2EE_ENGINE_APPLICATIONS_720_SP001_000006, J2EE_ENGINE_APPLICATIONS_720_SP002_000006, J2EE_ENGINE_APPLICATIONS_720_SP003_000003, J2EE_ENGINE_APPLICATIONS_720_SP004_000000, J2EE_ENGINE_APPLICATIONS_720_SP999999_999999, J2EE_ENGINE_APPLICATIONS_730_SP001_000000, J2EE_ENGINE_APPLICATIONS_730_SP002_000000, J2EE_ENGINE_APPLICATIONS_730_SP999999_999999, J2EE_ENGINE_FACADE_711_SP003_000002, J2EE_ENGINE_FACADE_711_SP004_000003, J2EE_ENGINE_FACADE_711_SP005_000003, J2EE_ENGINE_FACADE_711_SP999999_999999, J2EE_ENGINE_FACADE_720_SP001_000001, J2EE_ENGINE_FACADE_720_SP002_000002, J2EE_ENGINE_FACADE_720_SP003_000001, J2EE_ENGINE_FACADE_720_SP999999_999999, J2EE_ENGINE_SERVERCORE_710_SP009_000019, J2EE_ENGINE_SERVERCORE_710_SP010_000010, J2EE_ENGINE_SERVERCORE_710_SP011_000000, J2EE_ENGINE_SERVERCORE_710_SP012_000000, J2EE_ENGINE_SERVERCORE_710_SP999999_999999, J2EE_ENGINE_SERVERCORE_711_SP003_000021, J2EE_ENGINE_SERVERCORE_711_SP004_000016, J2EE_ENGINE_SERVERCORE_711_SP005_000008, J2EE_ENGINE_SERVERCORE_711_SP006_000000, J2EE_ENGINE_SERVERCORE_711_SP007_000000, J2EE_ENGINE_SERVERCORE_711_SP999999_999999, J2EE_ENGINE_SERVERCORE_720_SP001_000009, J2EE_ENGINE_SERVERCORE_720_SP002_000009, J2EE_ENGINE_SERVERCORE_720_SP003_000005, J2EE_ENGINE_SERVERCORE_720_SP004_000000, J2EE_ENGINE_SERVERCORE_720_SP999999_999999, J2EE_ENGINE_SERVERCORE_730_SP001_000000, J2EE_ENGINE_SERVERCORE_730_SP002_000000, J2EE_ENGINE_SERVERCORE_730_SP999999_999999, SAP_J2EE_ENGINE_640_SP024_000003, SAP_J2EE_ENGINE_640_SP025_000006, SAP_J2EE_ENGINE_640_SP026_000004, SAP_J2EE_ENGINE_640_SP027_000000, SAP_J2EE_ENGINE_640_SP028_000000, SAP_J2EE_ENGINE_640_SP999999_999999, SAP_J2EE_ENGINE_700_SP020_000008, SAP_J2EE_ENGINE_700_SP021_000009, SAP_J2EE_ENGINE_700_SP022_000004, SAP_J2EE_ENGINE_700_SP023_000000, SAP_J2EE_ENGINE_700_SP024_000000, SAP_J2EE_ENGINE_700_SP999999_999999, SAP_J2EE_ENGINE_701_SP004_000005, SAP_J2EE_ENGINE_701_SP005_000009, SAP_J2EE_ENGINE_701_SP006_000009, SAP_J2EE_ENGINE_701_SP007_000005, SAP_J2EE_ENGINE_701_SP008_000000, SAP_J2EE_ENGINE_701_SP009_000000, SAP_J2EE_ENGINE_701_SP999999_999999, SAP_J2EE_ENGINE_702_SP003_000007, SAP_J2EE_ENGINE_702_SP004_000005, SAP_J2EE_ENGINE_702_SP005_000001, SAP_J2EE_ENGINE_702_SP006_000000, SAP_J2EE_ENGINE_702_SP007_000000, SAP_J2EE_ENGINE_702_SP999999_999999, SAP_J2EE_ENGINE_CORE_640_SP024_000008, SAP_J2EE_ENGINE_CORE_640_SP025_000007, SAP_J2EE_ENGINE_CORE_640_SP026_000004, SAP_J2EE_ENGINE_CORE_640_SP027_000000, SAP_J2EE_ENGINE_CORE_640_SP028_000000, SAP_J2EE_ENGINE_CORE_640_SP999999_999999, SAP_J2EE_ENGINE_CORE_700_SP019_000021, SAP_J2EE_ENGINE_CORE_700_SP020_000018, SAP_J2EE_ENGINE_CORE_700_SP021_000013, SAP_J2EE_ENGINE_CORE_700_SP022_000002, SAP_J2EE_ENGINE_CORE_700_SP023_000000, SAP_J2EE_ENGINE_CORE_700_SP999999_999999, SAP_J2EE_ENGINE_CORE_701_SP004_000018, SAP_J2EE_ENGINE_CORE_701_SP005_000018, SAP_J2EE_ENGINE_CORE_701_SP006_000016, SAP_J2EE_ENGINE_CORE_701_SP007_000004, SAP_J2EE_ENGINE_CORE_701_SP008_000000, SAP_J2EE_ENGINE_CORE_701_SP999999_999999, SAP_J2EE_ENGINE_CORE_702_SP003_000011, SAP_J2EE_ENGINE_CORE_702_SP004_000006, SAP_J2EE_ENGINE_CORE_702_SP005_000000, SAP_J2EE_ENGINE_CORE_702_SP007_000000, SAP_J2EE_ENGINE_CORE_702_SP999999_999999, SAP_JAVA_TECH_SERVICES_700_SP019_000021, SAP_JAVA_TECH_SERVICES_700_SP020_000018, SAP_JAVA_TECH_SERVICES_700_SP021_000015, SAP_JAVA_TECH_SERVICES_700_SP022_000006, SAP_JAVA_TECH_SERVICES_700_SP023_000000, SAP_JAVA_TECH_SERVICES_700_SP999999_999999, SAP_JAVA_TECH_SERVICES_701_SP004_000025, SAP_JAVA_TECH_SERVICES_701_SP005_000019, SAP_JAVA_TECH_SERVICES_701_SP006_000015, SAP_JAVA_TECH_SERVICES_701_SP007_000004, SAP_JAVA_TECH_SERVICES_701_SP008_000000, SAP_JAVA_TECH_SERVICES_701_SP999999_999999, SAP_JAVA_TECH_SERVICES_702_SP003_000008, SAP_JAVA_TECH_SERVICES_702_SP004_000005, SAP_JAVA_TECH_SERVICES_702_SP005_000000, SAP_JAVA_TECH_SERVICES_702_SP006_000000, SAP_JAVA_TECH_SERVICES_702_SP007_000000, SAP_JAVA_TECH_SERVICES_702_SP999999_999999)
Описание
An unprotected application might allow executing certain functions by referencing specific URLs. When malicious user tricks an authenticated user's browser into making a request containing a certain URL and specific parameters, the function is executed with the rights of the authenticated user.
The malicious user may use a cross-site scripting attack to do this, or they may present a link to the victim.
The malicious user may use a cross-site scripting attack to do this, or they may present a link to the victim.
Как исправить
Deploy the latest patch level of the SCAs described in the validity section. This will add the XSRF Protection Framework to your system.
To protect applications from XSRF attacks they need to be adopted to the XSRF Protection Framework, as described in the attached guide.
To protect applications from XSRF attacks they need to be adopted to the XSRF Protection Framework, as described in the attached guide.
Ссылки