• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1487217

Главная Специалистам База уязвимостей Не установлено обновление Note 1487217

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1487217-2) SAP Support Packages (CRM_JAVA_APPLICATIONS_50_SP016_000017, CRM_JAVA_APPLICATIONS_50_SP999999_999999, CRM_JAVA_APPLICATIONS_52_SP009_000015, CRM_JAVA_APPLICATIONS_52_SP999999_999999, CRM_JAVA_APPLICATIONS_60_SP006_000017, CRM_JAVA_APPLICATIONS_60_SP999999_999999, CRM_JAVA_APPLICATIONS_70_SP006_000016, CRM_JAVA_APPLICATIONS_70_SP999999_999999, CRM_JAVA_COMPONENTS_50_SP016_000017, CRM_JAVA_COMPONENTS_50_SP999999_999999, CRM_JAVA_COMPONENTS_52_SP009_000015, CRM_JAVA_COMPONENTS_52_SP999999_999999, CRM_JAVA_COMPONENTS_60_SP006_000017, CRM_JAVA_COMPONENTS_60_SP999999_999999, CRM_JAVA_COMPONENTS_70_SP006_000016, CRM_JAVA_COMPONENTS_70_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_50_SP016_000017, CRM_JAVA_WEB_COMPONENTS_50_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_52_SP009_000015, CRM_JAVA_WEB_COMPONENTS_52_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_60_SP006_000017, CRM_JAVA_WEB_COMPONENTS_60_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_70_SP006_000016, CRM_JAVA_WEB_COMPONENTS_70_SP999999_999999, SAP_SHARED_JAVA_APPLIC_50_SP016_000017, SAP_SHARED_JAVA_APPLIC_50_SP999999_999999, SAP_SHARED_JAVA_APPLIC_52_SP009_000015, SAP_SHARED_JAVA_APPLIC_52_SP999999_999999, SAP_SHARED_JAVA_APPLIC_60_SP006_000017, SAP_SHARED_JAVA_APPLIC_60_SP999999_999999, SAP_SHARED_JAVA_APPLIC_70_SP006_000016, SAP_SHARED_JAVA_APPLIC_70_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_50_SP016_000017, SAP_SHARED_JAVA_COMPONENTS_50_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_52_SP009_000015, SAP_SHARED_JAVA_COMPONENTS_52_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_60_SP006_000017, SAP_SHARED_JAVA_COMPONENTS_60_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_70_SP006_000016, SAP_SHARED_JAVA_COMPONENTS_70_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_50_SP016_000017, SAP_SHARED_WEB_COMPONENTS_50_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_52_SP009_000015, SAP_SHARED_WEB_COMPONENTS_52_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_60_SP006_000017, SAP_SHARED_WEB_COMPONENTS_60_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_70_SP006_000016, SAP_SHARED_WEB_COMPONENTS_70_SP999999_999999)
Описание
Some pages within the One Step Business Scenario of the Web Channel B2B  application enable a cross domain redirection to occur. A malicious user  can include a URL from a different domain to the target application into  a URL which can then be sent to users of the target application.  The  user believes the content to be delivered from the target application,  (the B2B or the SRM application), however when such a page is visited,  content is delivered from the domain of the malicious user#s own choosing.
Как исправить
This note contains Java corrections for E-Commerce and CRM Web
Channel.

Software components: SAP-SHRJAV, SAP-SHRWEB

Development components: crm/isa/isacore, crm/tc/web/core

Changed files: OciLinesSendAction.java, general-security-config-data.xml, xcmadmin-security-config.xml
Ссылки