Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1495333-2)
SAP Support Packages
(SAPK-60209INSEMBW, SAPK-60210INSEMBW, SAPK-60308INSEMBW, SAPK-60309INSEMBW, SAPK-60409INSEMBW, SAPK-60410INSEMBW, SAPK-60502INSEMBW, SAPK-60505INSEMBW, SAPK-63401INSEMBW, SAPK-63402INSEMBW, SAPK-70013INSEMBW, SAPKGS4026, SAPKGS6019)
Описание
The SEM-BPS application executes functions when specific URLs are called with parameters. If the attacker can manipulate the browser of a logged-on user so it can execute queries, the attacker can call functions in SEM-BPS with the rights of the user. For this purpose, an attacker can exploit a possible cross-site-scripting issue or create a specific link to the user, for example, in the form of an e-mail.
Как исправить
Implement the attached program corrections.
Ссылки