• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1450166

Главная Специалистам База уязвимостей Не установлено обновление Note 1450166

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1450166-3) SAP Support Packages (ENGINEAPI_710_SP009_000006, ENGINEAPI_710_SP010_000003, ENGINEAPI_710_SP011_000000, ENGINEAPI_710_SP012_000000, ENGINEAPI_710_SP999999_999999, ENGINEAPI_711_SP003_000007, ENGINEAPI_711_SP004_000007, ENGINEAPI_711_SP005_000003, ENGINEAPI_711_SP999999_999999, ENGINEAPI_720_SP001_000005, ENGINEAPI_720_SP002_000006, ENGINEAPI_720_SP003_000001, ENGINEAPI_720_SP999999_999999, J2EE_ENGINE_APPLICATIONS_710_SP009_000004, J2EE_ENGINE_APPLICATIONS_710_SP010_000003, J2EE_ENGINE_APPLICATIONS_710_SP011_000000, J2EE_ENGINE_APPLICATIONS_710_SP012_000000, J2EE_ENGINE_APPLICATIONS_710_SP999999_999999, J2EE_ENGINE_APPLICATIONS_711_SP003_000011, J2EE_ENGINE_APPLICATIONS_711_SP004_000008, J2EE_ENGINE_APPLICATIONS_711_SP005_000007, J2EE_ENGINE_APPLICATIONS_711_SP006_000000, J2EE_ENGINE_APPLICATIONS_711_SP007_000000, J2EE_ENGINE_APPLICATIONS_711_SP999999_999999, J2EE_ENGINE_APPLICATIONS_720_SP001_000006, J2EE_ENGINE_APPLICATIONS_720_SP002_000006, J2EE_ENGINE_APPLICATIONS_720_SP003_000003, J2EE_ENGINE_APPLICATIONS_720_SP004_000000, J2EE_ENGINE_APPLICATIONS_720_SP999999_999999, J2EE_ENGINE_APPLICATIONS_730_SP001_000000, J2EE_ENGINE_APPLICATIONS_730_SP002_000000, J2EE_ENGINE_APPLICATIONS_730_SP999999_999999, J2EE_ENGINE_FACADE_711_SP003_000002, J2EE_ENGINE_FACADE_711_SP004_000003, J2EE_ENGINE_FACADE_711_SP005_000003, J2EE_ENGINE_FACADE_711_SP999999_999999, J2EE_ENGINE_FACADE_720_SP001_000001, J2EE_ENGINE_FACADE_720_SP002_000002, J2EE_ENGINE_FACADE_720_SP003_000001, J2EE_ENGINE_FACADE_720_SP999999_999999, J2EE_ENGINE_SERVERCORE_710_SP009_000019, J2EE_ENGINE_SERVERCORE_710_SP010_000010, J2EE_ENGINE_SERVERCORE_710_SP011_000000, J2EE_ENGINE_SERVERCORE_710_SP012_000000, J2EE_ENGINE_SERVERCORE_710_SP999999_999999, J2EE_ENGINE_SERVERCORE_711_SP003_000021, J2EE_ENGINE_SERVERCORE_711_SP004_000016, J2EE_ENGINE_SERVERCORE_711_SP005_000008, J2EE_ENGINE_SERVERCORE_711_SP006_000000, J2EE_ENGINE_SERVERCORE_711_SP007_000000, J2EE_ENGINE_SERVERCORE_711_SP999999_999999, J2EE_ENGINE_SERVERCORE_720_SP001_000009, J2EE_ENGINE_SERVERCORE_720_SP002_000009, J2EE_ENGINE_SERVERCORE_720_SP003_000005, J2EE_ENGINE_SERVERCORE_720_SP004_000000, J2EE_ENGINE_SERVERCORE_720_SP999999_999999, J2EE_ENGINE_SERVERCORE_730_SP001_000000, J2EE_ENGINE_SERVERCORE_730_SP002_000000, J2EE_ENGINE_SERVERCORE_730_SP999999_999999, SAP_J2EE_ENGINE_640_SP024_000003, SAP_J2EE_ENGINE_640_SP025_000006, SAP_J2EE_ENGINE_640_SP026_000004, SAP_J2EE_ENGINE_640_SP027_000000, SAP_J2EE_ENGINE_640_SP028_000000, SAP_J2EE_ENGINE_640_SP999999_999999, SAP_J2EE_ENGINE_700_SP020_000008, SAP_J2EE_ENGINE_700_SP021_000009, SAP_J2EE_ENGINE_700_SP022_000004, SAP_J2EE_ENGINE_700_SP023_000000, SAP_J2EE_ENGINE_700_SP024_000000, SAP_J2EE_ENGINE_700_SP999999_999999, SAP_J2EE_ENGINE_701_SP004_000005, SAP_J2EE_ENGINE_701_SP005_000009, SAP_J2EE_ENGINE_701_SP006_000009, SAP_J2EE_ENGINE_701_SP007_000005, SAP_J2EE_ENGINE_701_SP008_000000, SAP_J2EE_ENGINE_701_SP009_000000, SAP_J2EE_ENGINE_701_SP999999_999999, SAP_J2EE_ENGINE_702_SP003_000007, SAP_J2EE_ENGINE_702_SP004_000005, SAP_J2EE_ENGINE_702_SP005_000001, SAP_J2EE_ENGINE_702_SP006_000000, SAP_J2EE_ENGINE_702_SP007_000000, SAP_J2EE_ENGINE_702_SP999999_999999, SAP_J2EE_ENGINE_CORE_640_SP024_000008, SAP_J2EE_ENGINE_CORE_640_SP025_000007, SAP_J2EE_ENGINE_CORE_640_SP026_000004, SAP_J2EE_ENGINE_CORE_640_SP027_000000, SAP_J2EE_ENGINE_CORE_640_SP028_000000, SAP_J2EE_ENGINE_CORE_640_SP999999_999999, SAP_J2EE_ENGINE_CORE_700_SP019_000021, SAP_J2EE_ENGINE_CORE_700_SP020_000018, SAP_J2EE_ENGINE_CORE_700_SP021_000013, SAP_J2EE_ENGINE_CORE_700_SP022_000002, SAP_J2EE_ENGINE_CORE_700_SP023_000000, SAP_J2EE_ENGINE_CORE_700_SP999999_999999, SAP_J2EE_ENGINE_CORE_701_SP004_000018, SAP_J2EE_ENGINE_CORE_701_SP005_000018, SAP_J2EE_ENGINE_CORE_701_SP006_000016, SAP_J2EE_ENGINE_CORE_701_SP007_000004, SAP_J2EE_ENGINE_CORE_701_SP008_000000, SAP_J2EE_ENGINE_CORE_701_SP999999_999999, SAP_J2EE_ENGINE_CORE_702_SP003_000011, SAP_J2EE_ENGINE_CORE_702_SP004_000006, SAP_J2EE_ENGINE_CORE_702_SP005_000000, SAP_J2EE_ENGINE_CORE_702_SP007_000000, SAP_J2EE_ENGINE_CORE_702_SP999999_999999, SAP_JAVA_TECH_SERVICES_700_SP019_000021, SAP_JAVA_TECH_SERVICES_700_SP020_000018, SAP_JAVA_TECH_SERVICES_700_SP021_000015, SAP_JAVA_TECH_SERVICES_700_SP022_000006, SAP_JAVA_TECH_SERVICES_700_SP023_000000, SAP_JAVA_TECH_SERVICES_700_SP999999_999999, SAP_JAVA_TECH_SERVICES_701_SP004_000025, SAP_JAVA_TECH_SERVICES_701_SP005_000019, SAP_JAVA_TECH_SERVICES_701_SP006_000015, SAP_JAVA_TECH_SERVICES_701_SP007_000004, SAP_JAVA_TECH_SERVICES_701_SP008_000000, SAP_JAVA_TECH_SERVICES_701_SP999999_999999, SAP_JAVA_TECH_SERVICES_702_SP003_000008, SAP_JAVA_TECH_SERVICES_702_SP004_000005, SAP_JAVA_TECH_SERVICES_702_SP005_000000, SAP_JAVA_TECH_SERVICES_702_SP006_000000, SAP_JAVA_TECH_SERVICES_702_SP007_000000, SAP_JAVA_TECH_SERVICES_702_SP999999_999999)
Описание
An unprotected application might allow executing certain functions by  referencing specific URLs. When malicious user tricks an authenticated  user's browser into making a request containing a certain URL and  specific parameters, the function is executed with the rights of the authenticated user.
The malicious user may use a cross-site scripting attack to do this, or they may present a link to the victim.
Как исправить
Deploy the latest patch level of the SCAs described in the validity section. This will add the XSRF Protection Framework to your system.

To protect applications from XSRF attacks they need to be adopted to the XSRF Protection Framework, as described in the attached guide.
Ссылки