• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1495421

Главная Специалистам База уязвимостей Не установлено обновление Note 1495421

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1495421-2) SAP Support Packages (SAPK-40013INCRMIS, SAPK-52012INCRMUIF, SAPK-60011INCRMUIF, SAPK-70009INWEBCUIF, SAPK-70102INWEBCUIF, SAPK-73001INWEBCUIF, SAPKA70024, SAPKU40018)
Описание
The interactive scripting editor executes certain functions through  referencing specific URLs. When an attacker tricks an authenticated  user#s browser into making a request containing a certain URL and  specific parameters, the function is executed with the rights of the user.
If present, the attacker may use a Cross Site Scripting attack to  trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
The issue can be fixed by applying attached correction request.The solution is to escape the URL referred by the Interactive Scripting Editor.

CRM 4.0 with SAP BASIS 620.
***************************
Check the correction instructions for BBPCRM 4.0 and apply the corresponding changes in the BSP pages mentioned in the correction instruction. SNOTE is not capable to implement the changes automatically.



------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component BBPCRM BBP / CRM |
| Release 400 SAPKU40002 - SAPKU40017 |
------------------------------------------------------------------------

CRM 4.0 with SAP BASIS 620.
***************************

Implement the corrections from the correction instructions attached to the note for into your system for BBPCRM 4.0.
Ссылки