Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1485927-5)
SAP Support Packages
(SAPKB70023, SAPKB70024, SAPKB70108, SAPKB70109, SAPKB70205, SAPKB70206, SAPKB70207, SAPKB71011, SAPKB71012, SAPKB71106, SAPKB71107, SAPKB72004, SAPKB73002)
Описание
The display of the process monitoring overview executes certain functions by referencing specific URLs with parameters. When a malicious user tricks an authenticated user#s browser into making a request containing a certain URL and specific parameters, the functions in the display of the process monitoring overview are executed with the rights of the authenticated user. The malicious user may use a cross-site scripting attack to do this, or they may present a link to the victim (in the form of an e-mail, for example).
Как исправить
Import a current Support Package.
Ссылки