Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1484128-3)
SAP Support Packages
(SAPK-60011INCRMUIF, SAPK-70009INWEBCUIF, SAPK-70103INWEBCUIF, SAPK-73001INWEBCUIF)
Описание
You are running an application that is based on the WEB UI Framework: WEBCUIF or CRMUIF. An attacker who is familiar with the Search Help functionality in those two frameworks can invoke an arbitrary DDIC Search Help and display without any authorization the data retrieved by such a Search Help. This will lead only to the exposure of such master data but the attacker cannot, by means of this feature, modify or compromise the integrity of the data. For this scenario, a valid and authenticated user is required.
Как исправить
Please, apply the correction instructions attached to this note
Ссылки