Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1493685-3)
SAP Support Packages
(SAPKU52011, SAPKU60009, SAPKU70009, SAPKU70102)
Описание
Coding XML generation vulnerable to attack by external party
Как исправить
Apply this note.
Aspects to Consider:
The data returned from BW is converted into XML format and sent back to application front in HTTP response header. The XML data itself is vulnerable to attack if the data is exploitable.
Please note: After the note has been applied, there should be no visible difference in the reports rendered by the OLTP component. The data from BW is escaped to prevent any malicious code from being injected but it does not change the data content of the structure.
Aspects to Consider:
The data returned from BW is converted into XML format and sent back to application front in HTTP response header. The XML data itself is vulnerable to attack if the data is exploitable.
Please note: After the note has been applied, there should be no visible difference in the reports rendered by the OLTP component. The data from BW is escaped to prevent any malicious code from being injected but it does not change the data content of the structure.
Ссылки